On Mon, Apr 9, 2012 at 3:48 PM, Camron W. Fox <[email protected]> wrote:
> We have received a requirement to allow mortal users to manage their
> own non-critical LDAP data (Phone #'s, Office Location, Department,
> etc.) via a web based interface.

I support this using OpenLDAP access directives: http://www.openldap.org/doc/admin24/access-control.html, and a custom web app (Rails) that provides a different user-page depending on your access level.

Note, however, that this solution has limitations. Any access directive that uses a regular expression is significantly more difficult for the server to process than a "normal" access directive. Additionally, the way Rails deals with objects makes it difficult to set up and use an LDAP connection for each user, which you need to do in order to make the access directives useful.

Alternately, you could "cheat" and use an admin account for the web app to communicate with LDAP and rely on the security of the app to ensure that a user can't modify another user's account.

--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
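
The "admin account" approach in the reply above makes the web app the only thing standing between a user and every other entry. As an added example (not code from the original message), this Ruby code shows the server-side check such an app needs before it writes with its privileged bind. The attribute allowlist, the sample DNs and the names `build_self_service_ops`, `normalize_dn` and `Forbidden` are assumptions; the returned operations use the `[op, attribute, values]` shape that the net-ldap gem's `modify` accepts.

```ruby
# Added example: guard for a self-service LDAP page that writes through one
# privileged service account. Attribute list and DNs are constructed.
SELF_SERVICE_ATTRS = %w[telephoneNumber roomNumber departmentNumber].freeze

class Forbidden < StandardError; end

# Canonicalize a DN for comparison: trim each RDN and lowercase it.
# Assumption: DNs here have no escaped commas or multi-valued RDNs and use
# case-insensitive naming attributes (uid, ou, dc).
def normalize_dn(dn)
  rdns = dn.to_s.split(",").map do |rdn|
    type, value = rdn.split("=", 2).map(&:strip)
    raise Forbidden, "malformed DN" if type.to_s.empty? || value.to_s.empty?
    "#{type.downcase}=#{value.downcase}"
  end
  raise Forbidden, "empty DN" if rdns.empty?
  rdns.join(",")
end

# session_dn: DN the user authenticated as, taken from the server-side session
# target_dn:  DN the request asks to modify (untrusted)
# changes:    Hash of attribute name => new value from the form (untrusted)
# Returns the operations list, or raises Forbidden without touching LDAP.
def build_self_service_ops(session_dn, target_dn, changes)
  unless normalize_dn(session_dn) == normalize_dn(target_dn)
    raise Forbidden, "users may only modify their own entry"
  end
  allowed = SELF_SERVICE_ATTRS.to_h { |a| [a.downcase, a] }
  ops = changes.map do |name, value|
    attr = allowed[name.to_s.downcase] or
      raise Forbidden, "attribute #{name} is not self-service"
    value = value.to_s.strip
    raise Forbidden, "control characters in #{attr}" if value =~ /[[:cntrl:]]/
    # An LDAP replace with no values removes the attribute (clears the field).
    [:replace, attr.to_sym, value.empty? ? [] : [value]]
  end
  raise Forbidden, "no changes supplied" if ops.empty?
  ops
end
```

The target DN and the attribute names both come from the request, so both are checked against server-side state before the privileged connection is used.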
