directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wim V" <...@pizzastop.be>
Subject RE: memberOf Algorithm
Date Wed, 21 May 2008 12:35:55 GMT
Hi Fu-Tung,

I cannot answer your question as I was about to post it myself, when I was
writing my own implemtation for these common operations using Spring ldap
and got stuck on the exact same thing. I'm not sure what your exact goal is,
but you might wanna take a look at the WSO2 WSAS User Manager (sub-)project.
It can be used on its own : http://wso2.org/projects/commons/user-manager

I have to admit I haven't tested this solution yet, but it looks promising.
I you decide to give it a try let me know how that works out pls.
Actually I'm quite curious to see if user-manager is going relieve me from
the (for me at least) painfull job of writing ldap queries for group
memberships.

Here's a quick peak :
org.wso2.usermanager.Authenticator		Authenticate users.
org.wso2.usermanager.AccessControlAdmin	Add/edit/delete Authorization on
users/roles/resources
org.wso2.usermanager.Authorizer		Can check for authorizations
org.wso2.usermanager.UserStoreAdmin		Add/edit/delete users.

Of course this still leaves me curious for an answer to your original
question :

What is, in terms of performance, the optimal query for obtaining the group
memberhips of a certain user in ApacheDS ?

Hope to have provided some usefull info though,

Wim Verreycken


-----Original Message-----
From: Fu-Tung Cheng [mailto:futung.cheng@yahoo.com] 
Sent: vrijdag 16 mei 2008 20:19
To: apacheds
Subject: memberOf Algorithm

Hi,

I was hoping someone could help me out with an ldap query.

I am trying to implement the member of Algorithm

http://middleware.internet2.edu/dir/groups/docs/internet2-mace-dir-groups-be
st-practices-200210.htm#_memberOf_Algorithm

but I am not sure how to get all memberships for a particular user.

My ds tree looks like this:

organization
project1 project2
read, write (per project)

then with the unique members in each of read, write

so I guess what i need to do is a 2 part query where I get all projects
where a user has permissions and then a 2nd query where i get all permission
the user has on a project.

Is this a sane way to model the directory structure and permissions?   What
would my query look like for all projects where the user is a uniquemember
of a permission?  

the user would be a person object that is a unique member of the project1
write group and the project2 read group for instance.

If there is a link for a tutorial on how to do this kind of thing that would
be great as well or a better place to post this kind of question.

Or even a good dead-tree reference.

Thanks again,

Fu-Tung







      



      



Mime
View raw message