Is it possible to use LDAP together with the Goole App Engine? 2011/3/21 Martin Weissenboeck <mweis...@gmail.com>
> Thank you for this hint. > I do not have any experience with LDAP but of course it would be an > interesting callenge to learn more. > > > 2011/3/21 Joe Barnhart <joe.barnh...@gmail.com> > >> Isn't this a perfect example of a place to use web2py with LDAP? >> >> -- Joe >> >> On Mar 20, 5:22 am, Martin Weissenboeck <mweis...@gmail.com> wrote: >> > Hi everybody, >> > I have the following problem: I need some kind of hierarchical >> > authorization. >> > >> > This is a simplified model: >> > Company C001...C500 >> > Departement D01...D15 >> > Group G01...G40 >> > Person P01...P30 >> > >> > Not every company has 15 departements, not every departement has 40 >> groups >> > and so on, but the whole program should work with up 200.000 persons. >> > >> > Now some authorizations: >> > >> > - Every person is allowed to change most of (but not all) of his >> personal >> > data. >> > - Some persons are allowed to change some data of the members of a >> > specified group or some groups or a departement. >> > - Some persons are allowed to send messages single persons or to the >> > members of a group or some groups or a departement or a company. >> > - Some persons are allowed to change all data of the members of a >> group >> > or some groups or a departement or a company. >> > - Some persons are allowed to do everything (including impersonate) >> with >> > all data of the members of a whole departement or company. >> > - ... and so on ... >> > >> > One person could be identified by a string field like >> "C003:D03:G12:P15". >> > >> > I think I could use the authorization and the decoration of web2py to >> allow >> > one person to modify data or to send messages. >> > >> > - But how could I use the authorization e.g. to modify only some >> data? >> > - And if somebody is allowed to change some data he should only see >> these >> > persons he is allowed to make modifications. >> > >> > A sql-statement "where ident like 'C003:D03:G12:%" could do the job. >> > >> > - But would it be fast enough for 200.000 persons? >> > - Is there any way to use theauthentization mechanism for this >> problem? >> > >> > Regards Martin >> > > >