directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yuriy Zubarev" <yzuba...@boats.com>
Subject ApacheDS as a provisioning platform
Date Thu, 18 Oct 2007 19:04:39 GMT
Greetings,

I guess I will start off with a brief description of requirements. They
are quite typical. A system should support a hierarchy of our customers.
We have "companies", each company have "offices" and each office have
"employees". Each employee have a set of permissions either assigned
directly or through roles. Both companies and offices may also be
assigned permissions either directly or through the roles. If a company
has a certain permission then all offices for this company and
subsequently employees would inherit this permission. In the same
fashion, if an office has a certain permission assigned to it then all
employees of that office would also inherit this permission. 

After having read
http://directory.apache.org/community%26resources/ldap-renaissance.html
and http://support.novell.com/techcenter/articles/ana20011101.html I
couldn't  get rid of a feeling that LDAP is exactly what we need. At the
same time we don't have any hard-core LDAP experience here and the
project time lines cannot afford lots of time for R&D.

Therefore I would like to ask if there any white paper or comprehensive
examples on how to use LDAP as a basis for a commercial system and
create a web application on top of it. I'm not talking about on how to
use LDAP just to authenticate users for a web app deployed on Tomcat or
something like this. I'm talking about a need for a web front-end where
CSRs and "admins" would manage LDAP hierarchies (CRUD for
company/office/person) and manage roles/permissions associated to those
entities. It's relatively easy to build such web front-end on top of a
database but what about LDAP server? Do we just give them LDAP client?
Obviously the system we are building is not dedicated to managing roles
and permissions but to selling "widgets". Roles and permissions are here
just to make managing of "widgets" more granular. These "widgets" and
everything that is associated with them are stored in DB. Then the next
question is how to integrate info from LDAP and DB.

In essence, I have a very limited experience with LDAP and while I
understand its ideas and benefits (or I think that I do), I cannot see
how to practically apply LDAP to our problem domain. This is not a
question about ApacheDS in particular but an inquiry about relevant
documentation.

Thank you for your time,
Yuriy


Mime
View raw message