subject:"Re\: \[ApacheDS\] Management of users groups roles and permissions for different tools \(web apps\)"

Re: [ApacheDS] Management of users groups roles and permissions for different tools (web apps)

2018-02-08 Thread Shawn McKinney


> On Feb 8, 2018, at 9:42 AM, Emmanuel Lécharny  wrote:
> 
> Shawn might want to add something to what I wrote (he is teh man behind
> Fortress).

I’d say you nailed it Emmanuel.  Here’s a link to the fortress overview:
http://directory.apache.org/fortress/overview.html

Re: [ApacheDS] Management of users groups roles and permissions for different tools (web apps)

2018-02-08 Thread Emmanuel Lécharny



Le 08/02/2018 à 16:03, damian.ba...@t-systems.com a écrit :
> ?Hello All,
> 
> 
> I'm Damian Baran and I work for T-Systems. I don't have a lot of experience 
> with LDAP, just basic knowledge. I have setup my own local testlab with 
> Apache DS as LDAP serever, Apache Directory Studio as LDAP browser and some 
> local instances of tools we use in our company. During this exploration I got 
> idea that most of the "digital tools" out there use user/group/role 
> permission model. What I don't understand is why these tools doesn't support 
> such deep LDAP integration? Why you can't just manage users, groups, roles 
> and permissions in one place in LDAP and just configure tool to retrieve this 
> data from LDAP?

probably because everybody like to reinvent the wheel ;-)

> 
> 
> BTW I don't know if LDAP have such possibilities to fully take over 
> management of users, groups, roles and permissions for different tools (web 
> apps). Do you have some experience with that??

Actually, managing entities like user/group/roles is well defined by
RBAC (Role Bases Access Control :
https://en.wikipedia.org/wiki/Role-based_access_control).

The Apache Directory Fortress project is a Java API that relies on LDAP
to store its data, and teh API offers everything you might want to do
wrt user/group/permissions.

Also note that user/group/permission is an operating system concept, and
it's really limited. There is nothing, for instance, related to
expiration, delegation, etc, which are parts of user management.

Shawn might want to add something to what I wrote (he is teh man behind
Fortress).

Hope it helps.

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: [ApacheDS] Management of users groups roles and permissions for different tools (web apps)

Re: [ApacheDS] Management of users groups roles and permissions for different tools (web apps)

2 matches

Site Navigation

Mail list logo

Footer information