WebApp Sec mailing list archives

FYI: RBAC for WebApps using LDAP


From: Saqib Ali <docbook.xml () gmail com>
Date: Thu, 4 Aug 2005 16:55:58 -0700

LDAP directories have the capability to define Roles. Roles become a
top-level OU, similar to OU=People or OU=Groups.

Once logged in, a web application can check to see if the user has the
proper Role assignment to perform a given action.

Java, PHP, and ColdFusion provide methods like isUserInRole("{RoleName}")
to check the logged-in user's Role assignments. Based on the return value
of this function, the web application can determine whether to display
content or restrict it from the logged-in user.

# sample LDIF to add Roles OU to LDAP:
dn: ou=Roles,o=xml-dev.com,o=CORP
ou: Roles
objectClass: top
objectClass: organizationalUnit

# Define a Role
dn: cn=ReportView,ou=Roles,o=xml-dev.com,o=CORP
objectClass: top
objectClass: groupOfUniqueNames
cn: ReportView
uniqueMember: uid=123456,ou=People,o=xml-dev.com,o=CORP

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
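The role layout and the isUserInRole()-style check described in the post, as an added example that is not part of the original message or of any of the platforms it names: the Python below parses a constructed LDIF (following the OU=Roles layout above, with a second role "ReportEdit" and a second user uid=654321 added for illustration), builds a role-to-members map from the groupOfUniqueNames entries under ou=Roles, and answers is_user_in_role() queries by matching the user's DN against uniqueMember values. The DN normalization is a deliberate simplification (whitespace and case only), not a full RFC 4514 implementation.

```python
"""Added example, not code from the original post: RBAC lookups over an
OU=Roles subtree stored as groupOfUniqueNames entries."""
import base64
from typing import Dict, List, Set

# Constructed LDIF following the post's layout. The ReportEdit role and the
# second user (uid=654321) are illustrative additions; note the deliberately
# mixed case and spacing in one uniqueMember value.
SAMPLE_LDIF = """\
# sample LDIF: Roles OU plus two roles
dn: ou=Roles,o=xml-dev.com,o=CORP
ou: Roles
objectClass: top
objectClass: organizationalUnit

dn: cn=ReportView,ou=Roles,o=xml-dev.com,o=CORP
objectClass: top
objectClass: groupOfUniqueNames
cn: ReportView
uniqueMember: uid=123456,ou=People,o=xml-dev.com,o=CORP
uniqueMember: UID=654321, ou=People, o=xml-dev.com, o=CORP

dn: cn=ReportEdit,ou=Roles,o=xml-dev.com,o=CORP
objectClass: top
objectClass: groupOfUniqueNames
cn: ReportEdit
uniqueMember: uid=654321,ou=People,o=xml-dev.com,o=CORP
"""

ROLES_BASE = "ou=Roles,o=xml-dev.com,o=CORP"  # assumed location of the Roles OU


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse a simple LDIF into a list of entries (lower-cased attribute name
    -> list of values). Handles '#' comments, blank-line entry separators,
    folded lines (leading space) and the 'attr:: base64' value form."""
    unfolded: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]  # continuation of the previous line
        else:
            unfolded.append(line)
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfolded:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # 'attr:: <base64>' form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def normalize_dn(dn: str) -> str:
    """Simplified DN normalization: strip whitespace around RDN separators and
    lower-case everything. Adequate for uid/ou/o/cn here (all caseIgnoreMatch);
    a real normalizer must also handle RFC 4514 escaping and multi-valued RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def build_role_map(entries: List[Dict[str, List[str]]],
                   roles_base: str = ROLES_BASE) -> Dict[str, Set[str]]:
    """Map role name (cn) -> set of normalized member DNs, using only the
    groupOfUniqueNames entries whose parent is the Roles OU."""
    base = normalize_dn(roles_base)
    roles: Dict[str, Set[str]] = {}
    for entry in entries:
        dn = normalize_dn(entry.get("dn", [""])[0])
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "groupofuniquenames" not in classes:
            continue
        _rdn, _, parent = dn.partition(",")
        if parent != base:
            continue  # a group elsewhere in the tree is not a role
        name = entry.get("cn", [""])[0]
        roles[name] = {normalize_dn(m) for m in entry.get("uniquemember", [])}
    return roles


def is_user_in_role(roles: Dict[str, Set[str]], user_dn: str, role: str) -> bool:
    """isUserInRole() equivalent: True only if the role exists and the user's
    DN is one of its uniqueMember values. An unknown role is a deny, not an error."""
    return normalize_dn(user_dn) in roles.get(role, set())


ROLES = build_role_map(parse_ldif(SAMPLE_LDIF))

if __name__ == "__main__":
    user = "uid=123456,ou=People,o=xml-dev.com,o=CORP"
    for role in ("ReportView", "ReportEdit"):
        print(f"{user} in {role}: {is_user_in_role(ROLES, user, role)}")
```

The lookup is exact-membership only: nested groups, dynamic groups and memberOf-style back-links (which some directories maintain) are not followed, and a role name that does not exist yields False rather than raising, so a typo in a role name in application code fails closed. In a deployed application the map would be refreshed from the directory rather than parsed once from a static snapshot.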

