If your application has only URI or remote services security, I would agree that LDAP should facilitate both providing your application with authentication information and your user ROLES. I think with the classes that Acegi has for LDAP, this makes ROLE lookups easy and straightforward. The downside is that if you are constantly adding users and granting Roles to them, your LDAP admin may not like you very much.

As for Domain Object security, this requires more of an RDBMS-type structure; you may want to consider moving your Users and Roles to a centralized location, which would not make LDAP a good solution.


On 4/15/06, Ray Krueger <[EMAIL PROTECTED]> wrote:
When using LDAP as an authentication source, where do you guys feel
the ROLEs belong? Should they be managed in LDAP by whatever LDAP
admin is in charge, or should the ROLEs be stored in the application
database and associated to some user table based on the LDAP username?

I think it is a design question that could go either way. I just
wanted to get some expert opinions.
-Ray


Home: http://acegisecurity.org
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer