Hello all.

Today I was thinking about supporting roles & permissions using LDAP.
It seems that it will be fairly easy to support this.
We need to create an implementation of om.security.AccessControlBuilder
that creates AccessControlList object and adds appropriate Roles
and Permissions to it.

I would like to propose a structure of information that a turbine
instance keeps in LDAP.


InitialContext
|
+-Turbine [applicationEntity] (instanceID)
  |
  +-Users [organizationalUnit]
  | |
  | +-User [person] (login, password, firstName, lastName, ..., role*)
  | |
  | +-User ...
  |
  +-Roles [organizationalUnit]
  | |
  | +-Role [top] (name, permission*)
  | |
  | +-Role ...
  | 
  +-Permissions [organizationalUnit]
    |
    +-Permission [top] (name)
    |
    +-Permission ...

It would be great if people with more LDAP experience commented on that.
I have little experience, and I wouldn't be surprised if I got that all
upside down :)

Rafal.
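
Added example (not part of the original message and not Turbine code): a small in-memory model of the tree proposed above, resolving a user's role* values to Role entries and their permission* values to Permission entries inside one Turbine instance. It assumes role* and permission* hold entry names rather than DNs; the instance id, logins, role and permission names are constructed sample data.

```python
# Constructed sample directory mirroring the proposed tree; every name is made up.
DIRECTORY = {
    "turbine-1": {                                   # Turbine (instanceID)
        "Users": {
            "alice": {"role": ["admin", "editor"]},
            "bob": {"role": ["editor", "ghost"]},    # "ghost" has no Role entry
        },
        "Roles": {
            "admin": {"permission": ["user.delete", "page.edit"]},
            # "page.publish" has no Permission entry
            "editor": {"permission": ["page.edit", "page.publish"]},
        },
        "Permissions": {"user.delete": {}, "page.edit": {}},
    }
}


def build_acl(directory, instance_id, login):
    """Resolve User -> role* -> Role -> permission* -> Permission in one instance.

    Returns (roles, permissions, dangling). A reference that does not match an
    existing entry under the same instance is never granted; it is reported in
    `dangling` so an administrator can repair the directory.
    """
    instance = directory.get(instance_id)
    if instance is None:
        raise KeyError(f"no Turbine instance {instance_id!r}")
    user = instance["Users"].get(login)
    if user is None:
        raise KeyError(f"no user {login!r} in {instance_id!r}")

    roles, permissions, dangling = set(), set(), []
    for role_name in user.get("role", []):
        role = instance["Roles"].get(role_name)
        if role is None:
            dangling.append(("role", role_name))
            continue
        roles.add(role_name)
        for perm_name in role.get("permission", []):
            if perm_name in instance["Permissions"]:
                permissions.add(perm_name)
            else:
                dangling.append(("permission", perm_name))
    return roles, permissions, dangling
```

Because lookups only go through the instance's own Users, Roles and Permissions subtrees, a name that exists under a different instance grants nothing here.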

