#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    1
    Rep Power
    0

    Application Permissions with LDAP


    Hello, I'm new to LDAP so I need some help with best practices. We have LDAP set up to support single sign-on for the internet applications we are developing at work. What we want to do is set up user permissions so that certain people can only see certain things in each application. What is the best way of doing this in LDAP? Is there a way to set up groups or something like that?

    Thanks!
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    85
    Rep Power
    7
    Yeah, you must specify gids for those uids.
  4. #3
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2009
    Location
    Charlotte, NC
    Posts
    111
    Rep Power
    9
    A best practice would be to only use LDAP groups when you're planning to support fewer than 5000 uniquemembers in any one group. If your group membership will be greater than 5000, then use a database for authorization. If you're going to have more than one LDAP group used to authorize users, do not exceed 200 users per group and do not exceed 40 groups for any one application. Exceeding either of these limits will severely decrease performance of the LDAP group searches. If you need to exceed 40 groups and more than 200 members per group, then use an LDAP attribute for authorization and do not search the groups for membership. The attribute 'memberOf' or 'isMemberOf' is usually populated with the DN of the groups in which the user is a uniquemember.
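
The attribute-based check described in post #3, as an added example that is not part of the original thread: permissions are derived from the `memberOf` / `isMemberOf` values already present on the user's entry, with no group search. The group DNs, permission names and sample entries are constructed, the DN normalization is simplified (no multi-valued RDNs or hex escapes), and it assumes the directory server maintains the attribute and users cannot write it themselves.

```python
import re

# Hypothetical mapping: normalized group DN -> permissions in one application.
GROUP_PERMISSIONS = {
    "cn=reports-viewers,ou=groups,dc=example,dc=com": {"reports:read"},
    "cn=reports-admins,ou=groups,dc=example,dc=com": {"reports:read", "reports:write"},
}

def normalize_dn(dn):
    """Simplified normalization: split on unescaped commas, trim, lowercase."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN in DN: {dn!r}")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def permissions_for(entry, attr_names=("memberOf", "isMemberOf")):
    """Union of permissions granted by the groups listed on the user's entry."""
    wanted = {a.lower() for a in attr_names}  # attribute names are case-insensitive
    granted = set()
    for name, values in entry.items():
        if name.lower() not in wanted:
            continue
        for dn in values:
            try:
                key = normalize_dn(dn)
            except ValueError:
                continue  # a malformed value grants nothing
            # Unknown groups grant nothing: deny by default.
            granted |= GROUP_PERMISSIONS.get(key, set())
    return granted

def is_allowed(entry, permission):
    return permission in permissions_for(entry)

# Constructed user entries, shaped like the attribute dict an LDAP read returns.
ALICE = {"memberOf": ["CN=Reports-Viewers, OU=Groups, DC=example, DC=com"]}
BOB = {"isMemberOf": ["cn=reports-admins,ou=groups,dc=example,dc=com",
                      "cn=unrelated,ou=groups,dc=example,dc=com"]}
CAROL = {"cn": ["carol"], "memberOf": ["not-a-dn"]}

if __name__ == "__main__":
    for label, entry in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(label, sorted(permissions_for(entry)))
```

Comparing normalized DNs matters here because servers may return the same group DN with different case or spacing than the application's configuration.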
