This week's book giveaway is in the HTML/CSS/JavaScript forum.
We're giving away four copies of Practical SVG and have Chris Coyier on-line!
See this thread for details.
Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

LDAP: roles by attribute value

 
Ignacio Lacosta
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
Nowadays, we have a WebSphere (5.0.2) authenticating users stored in OpenLDAP 2.1.22, in a standard way:
User Filter (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map inetOrgPerson:uid
Group ID Map *:cn
Group Member ID Map groupOfUniqueNames:uniqueMember


Example of directory:

ou=roles
cn=general
objectClass: groupOfUniqueNames
uniqueMember: cn=user1,ou=users,...
uniqueMember: cn=user2,ou=users,...
uniqueMember: cn=user3,ou=users,...
(...)

ou=users
cn:user1
objectClass: inetOrgPersn
cn: user1
uid: user1
userPassword: pwd
sn: test
givenName: user1
cn:user1
( idem )

So, the "general" role entry is a very huge entry, because it contains a lot of users. Our LDAP is suffering some performance degradation and we think that this could be one reason.

The question is: can we set the membership of a role by adding an attribute in each user record, as Tomcat does ? (In Tomcat's server.xml file, the property userRoleName points to an user attribute that is the role name)

Thanks in advance !

Ignacio.
 
Today you are you, that is turer than true. There is no one alive who is youer than you! - Seuss. Tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!