WebApp Sec mailing list archives
FYI: RBAC for WebApps using LDAP
From: Saqib Ali <docbook.xml () gmail com>
Date: Thu, 4 Aug 2005 16:55:58 -0700
LDAP directories have the capability to define Roles. Roles become a topLevel OU, similar to OU=People or OU=Groups.

Once logged in, a web application can check to see if the user has the proper Role assignment to perform a given action. Java, PHP, ColdFusion provide methods like isUserInRole("{RoleName}") to check the logged-in user's Role assignments. Based on the Return Value of this function, the web application can determine whether to display content or restrict it from the logged-in user.

# sample LDIF to add Roles OU to LDAP:
dn: ou=Roles,o=xml-dev.com,o=CORP
ou: Roles
objectClass: top
objectClass: organizationalUnit

# Define a Role
dn: cn=ReportView,ou=Roles,o=xml-dev.com,o=CORP
objectClass: top
objectClass: groupOfUniqueNames
cn: ReportView
uniqueMember: uid=123456,ou=People,o=xml-dev.com,o=CORP

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
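The role check described in the message above, as an added example that is not part of the original post: it resolves membership from entries shaped like the sample LDIF and denies by default. The helper names (`parse_ldif`, `norm_dn`, `role_filter`, and a Python `is_user_in_role`) are hypothetical, and the LDIF parsing and DN normalization are simplified assumptions (no base64 values, folded lines, or escaped commas).

```python
# Added example, not from the original post. SAMPLE_LDIF is constructed from
# the post's sample entries; all helper names below are hypothetical.
SAMPLE_LDIF = """\
dn: ou=Roles,o=xml-dev.com,o=CORP
ou: Roles
objectClass: top
objectClass: organizationalUnit

dn: cn=ReportView,ou=Roles,o=xml-dev.com,o=CORP
objectClass: top
objectClass: groupOfUniqueNames
cn: ReportView
uniqueMember: uid=123456,ou=People,o=xml-dev.com,o=CORP
"""
ROLES_BASE = "ou=Roles,o=xml-dev.com,o=CORP"

def norm_dn(dn):
    # Case-fold and trim around RDN separators (assumes no escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    # Simplified LDIF reader: returns {normalized dn: {attr: [values]}}.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs.pop("dn")[0])] = attrs
    return entries

def escape_filter_value(value):
    # RFC 4515 escaping so a role name cannot change the filter's structure.
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def role_filter(user_dn, role):
    # Equivalent search filter for a live directory, scoped to ROLES_BASE.
    return "(&(objectClass=groupOfUniqueNames)(cn=%s)(uniqueMember=%s))" % (
        escape_filter_value(role), escape_filter_value(user_dn))

def is_user_in_role(entries, user_dn, role):
    # Deny by default: True only if a role entry under ROLES_BASE lists the user.
    for dn, attrs in entries.items():
        classes = [v.lower() for v in attrs.get("objectclass", [])]
        if dn.endswith("," + norm_dn(ROLES_BASE)) and "groupofuniquenames" in classes:
            if role.lower() in [v.lower() for v in attrs.get("cn", [])]:
                return norm_dn(user_dn) in map(norm_dn, attrs.get("uniquemember", []))
    return False
```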