Thanks for your answer, it was what I was expecting from what I saw yesterday.
I saw LDAP ACLs, but they are used only to restrict access to LDAP itself. I was really hoping that LDAP had some nice way to handle a fine-grained permission system. I think I'll still use LDAP for managing my users, but I'll probably create some scripts to handle the permissions for all my applications in a centralized mode.

Gerik

2010/10/4 Diego Lima <[email protected]>

> Hi AdaXi,
>
> While LDAP is widely used as a means to achieve central
> authentication, controlling access using LDAP is highly dependent on
> the application you're using. The LDAP server itself does not care for
> access controls or levels, and only stores information that will be
> used by other applications. If the applications support using some
> LDAP attribute to restrict access or offer some sort of schema that
> they'll use, then you can probably do that using only LDAP. LDAP
> itself has Access Control Lists, but I don't think they'll do what you
> are expecting, as they only control access to attributes held in the
> server itself.
>
> Otherwise you'll be stuck managing the applications individually
> using their own built-in configuration methods.
>
>
> 2010/10/4 AdaXi <[email protected]>:
> > Hi everyone, I am kind of a newbie in OpenLDAP and LDAP in general, and I
> > really need your help. I have been looking for a fine-grained permission
> > system for a project that I am in now, but could not find anything that
> > satisfies me.
> >
> > I have multiple applications that will authenticate using LDAP, but I also
> > want to control user access in each application. I want to be able to allow
> > specific access to an element in one application.
> >
> > Examples:
> >
> > For a database, I would like to assign read permissions to one or more
> > databases for one user.
> > For a bulletin board, users can only post in some specific boards.
> > For an FTP server, users can only access specific directories.
> >
> >
> > In the first place, is it realistic?
> > Do you know a way to do this only with LDAP? (If yes, could you show me a
> > manual or guide?)
> > Do you know some piece of software that could help me?
> >
> > Thanks in advance,
> >
> > AdaXi
>
> --
> Diego Lima
