It *shouldn't* matter what brand you use, but since they may have their own implementations, it's helpful to know.
Directories are organized into containers named "Organizational Units" which are basically sub-directories similar to a file system. The admins can create an OU just for you, give you access and then you can create whatever objects they allow you to create in that OU. I have an OU just for my intranet site's security groups. I do use other domain-related groups for intranet permissions, but if there is a group that doesn't relate to a network share or existing domain group, I create my own, specialized intranet security group.

Yes, you can create a group and add your web site admins. Then, on each admin page, check to see if the current user is a member of that group. In fact, I store all groups, of which the user is a member, in the session scope. Then, I have a simple function that checks to see if the user is related to that group. This prevents me from needing an LDAP call on each page that is secured.

Another nice feature of LDAP is you can add your own attributes to directory objects. You can actually treat the LDAP server as a database of sorts. For example, you can store the last time someone accessed your web site in their LDAP user object attributes. Basically, if it has to do with a user account or group, you can store it right in the LDAP directory and not have to create a database object to store the same information.

Feel free to ask any LDAP questions you may have. I wouldn't call myself an expert, but I have a few years of CF -> Active Directory experience.

M!ke

-----Original Message-----
From: daniel kessler [mailto:[EMAIL PROTECTED]
Sent: Monday, March 14, 2005 12:30 PM
To: CF-Talk
Subject: Re: LDAP

>What brand of LDAP server are you planning on using? If it's Windows
>Active Directory, there are some things to know about.

I don't know which LDAP server it is because I didn't realize I needed to know, hmmm. Time to ask. But it's the University of Maryland so I guess it's something that scales well.

>If you have an LDAP server, use it rather than creating a DB to hold
>security information. You can add people to group, add attributes, etc.
>LDAP is mainly geared for user-type storage so there is little reason
>to rebuild if LDAP will support your requirements.

I don't know much about LDAPs. Are you saying that I can introduce my own group type and add existing people to it? I only want these two people into the Admin parts of my app, so could I make a group called <myApp_admin> and add them to it without affecting their current setup?

