www-infrastructure-dev mailing list archives

From Henning Schmiedehausen <henn...@schmiedehausen.org>
Subject Re: Centralised authentication/authorisation
Date Sun, 07 Dec 2008 20:05:28 GMT
On Sun, 2008-12-07 at 12:35 +0000, Tony Stevenson wrote:

> This will not initially be a public service, this will be an internal 
> method for managing accounts.  If and when we go to automated user 
> account management, i.e. allowing users to reset passwords etc, then we 
> may open it up in parts to the public network.
> 
> > * what objectClasses are being used? Will people be inetOrgPerson or 
> > posixUser or a custom apachePerson class with all the appropriate 
> > attributes brought together?
> 
> It will likely be a butchered version of inetOrgPerson, accommodating 
> many additional data fields.

NO! WRONG! YOU DON'T MODIFY EXISTING OBJECT CLASSES! 

You add a new one, e.g. apachePerson which contains all the required
fields. And you have your objects represent multiple object classes.

This is a *basic* concept of LDAP. If you botch this, there is no point
in using LDAP at all, because it will be unmanageable *very* quickly. 

Been there, got the T-Shirt.

	Ciao
		Henning

-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen       -- Java, J2EE, Linux
Mail: henning@schmiedehausen.org    -- Consultant, Architect, Developer
Web:  http://henning.schmiedehausen.org/
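The approach Henning describes (leave inetOrgPerson alone, define a separate apachePerson class, and let each entry carry several objectClasses at once) looks like this in OpenLDAP LDIF. This is an added illustration, not anything from the thread or from the ASF's actual directory: the attribute name apacheProjectMembership, the OID arc 1.3.6.1.4.1.99999 (a placeholder; a real deployment uses its own registered private enterprise number), the suffix dc=example,dc=org and the user jdoe are all made up for the example. posixAccount is the standard class that the quoted "posixUser" presumably refers to.

```ldif
# --- Schema extension for cn=config (added example, placeholder OIDs) ---
# A new AUXILIARY class is defined; the stock inetOrgPerson definition is
# never edited, so future schema updates cannot collide with local changes.
dn: cn=apacheperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: apacheperson
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'apacheProjectMembership'
  DESC 'Hypothetical example attribute: projects the account belongs to'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'apachePerson'
  DESC 'Hypothetical example class: site-specific account attributes'
  SUP top AUXILIARY
  MUST ( uid )
  MAY ( apacheProjectMembership ) )

# --- A user entry that represents several object classes at once ---
# inetOrgPerson is the STRUCTURAL class; posixAccount and apachePerson are
# AUXILIARY and are simply stacked on top of it. Each class contributes its
# own MUST/MAY attributes, and nothing had to be "butchered" to fit.
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: apachePerson
uid: jdoe
cn: Jane Doe
sn: Doe
mail: jdoe@example.org
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
apacheProjectMembership: infrastructure
```

The schema part is loaded with `ldapadd -Y EXTERNAL -H ldapi:/// -f` as the server's local root (it modifies cn=config, so it should only ever be writable from the host itself), and the entry is then added with an ordinary `ldapadd` bind. Because apachePerson is AUXILIARY, it can be added to or removed from an entry later by changing only the objectClass values, and `slapschema` will refuse the entry if a MUST attribute of any of its classes is missing, which is the consistency check that a hand-modified inetOrgPerson would silently lose.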


