LDAP/Netscape Directory folks...

I was hoping someone with experience could lend some advice...

I am in charge of converting a legacy web application from basic authentication to using authentication via LDAP on our Netscape Directory server. The problem is, our entire firm has valid LDAP password entries, but only a controlled subset of our user population should have access to this legacy application. We have some internal, privilege-based security in much of the application, but another portion really assumed that if the user was authenticated, they were a valid application user. We can tell if they are via a table entry in our Oracle database, but you can imagine this is an expensive operation.

What is the standard solution, if any, to this kind of problem? Do we need to modify our schema to include a special attribute for our application? If so, how do I get Netscape Enterprise Server 3.6 to recognize the "filter" we'd need to have in place?

I have already tried a solution with custom LDIF functions and the C LDAP SDK (from Netscape) but it has not proven very stable... our Netscape ES processes keep dying (and of course restarting, but the dying processes serve "No Data Returned" documents). Has anyone had any luck with this or the Authentication API/LDAP combination?

Any insight you might have would be most valuable. Please cc me at dahmens-at-bah.com. (of course fix the address).

Thanks,
Stephen Dahmen
