Hi Ray,

Not sure about that. I guess if the roles are based on some sort of organization structure (departments, job titles etc.) then the directory would be an obvious place for that information. If it's more app-specific then it's less obvious. Depends on what access you have to the system too - you can store just about anything in LDAP, so I don't see anything philosophically wrong with putting app-specific info in there.

On the other hand, if the app is using a separate database then that may be the obvious place to store the roles, while still allowing centralized management of user accounts and login info for multiple uses. I don't think there's a definite answer either way...

By the way, we're planning to move the non-security specific LDAP stuff out of the provider package, and use an org.acegisecurity.ldap package instead. Just to let you know :)

cheers,

Luke.

Ray Krueger wrote:
> When using LDAP as an authentication source, where do you guys feel
> the ROLEs belong? Should they be managed in LDAP by whatever LDAP
> admin is in charge, or should the ROLEs be stored in the application
> database and associated to some user table based on the LDAP username?
>
> I think it is a design question that could go either way. I just
> wanted to get some expert opinions.
> -Ray

--
Luke Taylor. Monkey Machine Ltd.
PGP Key ID: 0x57E9523C
http://www.monkeymachine.ltd.uk

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
