LDAP Programming
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsDatabasesLDAP Programming
Reload this Page

LDAP permissions on modifying group


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old February 19th, 2010, 02:52 AM
enmanks enmanks is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2010
Posts: 1 enmanks User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 25 m 50 sec
Reputation Power: 0
LDAP permissions on modifying group
Hello, I need some help with best practices. Let me describe problem:
We have application with users with different roles (LDAP groups). We have, for instance, "group1", "group2" and group "disabled". User from group "disabled" is not allowed to perform any actions. So, enabling user is deleting him or she from group "disabled". But suddenly appears that for "group1" should be very strict policy for enabling users. Administrator can create user, add him to "group1" and to group "disabled" but enabling user should perform some other person. So, how to:
1. forbid administrator to delete user from group "disabled"
2. create user which can perform only one action: delete users from group "disabled"
?
I do not know, maybe there are some others decision for enabling|disabling users. I would be glad to get any advice.
Thank you in advance.
Reply With Quote
  #2  
Old February 20th, 2010, 07:18 AM
ldapswandog ldapswandog is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2009
Location: Charlotte, NC
Posts: 111 ldapswandog User rank is Corporal (100 - 500 Reputation Level)ldapswandog User rank is Corporal (100 - 500 Reputation Level)ldapswandog User rank is Corporal (100 - 500 Reputation Level)ldapswandog User rank is Corporal (100 - 500 Reputation Level) 
Time spent in forums: 22 h 18 m
Reputation Power: 8
creating the permissions to allow adminA to add people to the 'disable' group and adminB to delete them is easy enough. However, what is to prevent adminA from not adding them to the 'disable' group in the first place?
Reply With Quote
Reply

Viewing: Dev Shed ForumsDatabasesLDAP Programming > LDAP permissions on modifying group

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap