[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Permission management with LDAP

To: "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>
Subject: Re: Permission management with LDAP
From: Dieter Klünter <dieter@dkluenter.de>
Date: Fri, 28 Aug 2015 09:36:04 +0200
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <EA7399765D4E5A44848CEFE00AE00BAC92DCEF@IPA-EX-MBX2.ipa.stuttgart>
Organization: AVCI
References: <EA7399765D4E5A44848CEFE00AE00BAC92DCEF@IPA-EX-MBX2.ipa.stuttgart>

Am Fri, 28 Aug 2015 06:06:06 +0000
schrieb "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>:

> Hi again,
> 
> I didn’t want to do a thread high jacking so here a second mail with
> a complete other question
> 
> If I’have a structure like:
> User
> 
> -          Role
> Role
> 
> -          User
> 
> -          Permission
> Permission
> 
> -          Role
> 
> Now I want to get the authorization for some permission, So I have
> the information which user and which Permission. Now I need to match
> the list. The way it already work: Get all Roles for a Permission
>                 Search in the user for the Role
> If found Authorization
> Else no
> Therefore I need at least two requests to the LDAP server

For this sort of tasks I use slapo-memberof(5) and a proper filter. 
Something like (&(uid=$1)(memberOf=myGroup))

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- AW: Permission management with LDAP
  - From: "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>

References:
- Permission management with LDAP
  - From: "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>

Prev by Date: load balancer
Next by Date: Re: Send Success with first found entry
Index(es):
- Chronological
- Thread