Following is the scenario in the picture: we have one server at the back and five other servers (running 5+ applications). We are developing LDAP instead of the basic database authentication rule, in which we have to set it manually. Obviously, we have different roles like Developer, Support, Managers, Directors, etc.

So our aim is to give permissions respectively. For example, a user who falls in the developer group can edit and commit, while a support person can view only. Please feel free to correct me if my concept is wrong.

Technologies:

  • Wamp Server 2.5
  • Apache 2.4.9
  • PHP 5.5
  • MySQL 5.6
  • LDAP Ubuntu v3

Following are my Questions:

  • Does LDAP allow a user permission mechanism, or do I need some other third-party software? If not, do I have to make the application capable of acting like this?
  • Are LDAP users/groups linked with Linux sudoers users, i.e. in visudo (/etc/sudoers)?
Sarz

1 Answer

  • Yes, you can use LDAP for handling permissions with a wide range of options, depending on what your app supports.
  • If you use LDAP as an NSS source for users and groups, you can hand out sudo rights to it just like users coming from /etc/passwd.
Sven
  • Right, I am using `phpldapadmin` (PLA) for this. I didn't find anything like permissions. Please suggest something or an example related to this. Plus I also dig in for NSS source – Sarz Nov 13 '14 at 06:38
  • There is nothing in LDAP per default that says "Permission" (with the exception of the ACLs to control who has access to the LDAP data). But depending on the application, you can add data to it that controls permissions. This might be in the form of usual Unix or more advanced nested groups, it might be special fields added to the user schema or an elaborate ACL system. Everything is possible and it's up to the application (or you) to decide how. What does `Plus I also dig in for NSS source` mean? – Sven Nov 13 '14 at 14:56
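
One way a PHP application can turn LDAP group membership into the developer/support permissions described in the question, as an added example (not code from the question or the answer). The `dc=example,dc=com` base, the group DNs and the permission names are assumptions, and the group lists at the end are constructed sample data standing in for what a directory search for the user's groups would return.

```php
<?php
// Added example: map LDAP group DNs to application permissions, deny by default.
// All DNs, group names and permission names are assumptions for illustration.

// Full group DN => permissions granted. Matching the full DN rather than only
// the CN keeps a same-named entry in another subtree from granting access.
$ROLE_MAP = array(
    'cn=developers,ou=groups,dc=example,dc=com' => array('view', 'edit', 'commit'),
    'cn=support,ou=groups,dc=example,dc=com'    => array('view'),
);

// Normalize a DN for comparison: lowercase, no spaces around ',' and '='.
// Assumes the attributes used (cn, ou, dc) match case-insensitively.
function normalize_dn($dn)
{
    $parts = preg_split('/(?<!\\\\),/', trim($dn)); // split on unescaped commas
    $out = array();
    foreach ($parts as $rdn) {
        $kv = explode('=', $rdn, 2);
        if (count($kv) !== 2) {
            return null;                             // malformed DN: reject
        }
        $out[] = strtolower(trim($kv[0])) . '=' . strtolower(trim($kv[1]));
    }
    return implode(',', $out);
}

// Union of permissions over every recognized group; unknown groups add nothing.
function permissions_for(array $groupDns, array $roleMap)
{
    $granted = array();
    foreach ($groupDns as $dn) {
        $key = normalize_dn($dn);
        if ($key !== null && isset($roleMap[$key])) {
            $granted = array_merge($granted, $roleMap[$key]);
        }
    }
    return array_values(array_unique($granted));
}

function can($permission, array $groupDns, array $roleMap)
{
    return in_array($permission, permissions_for($groupDns, $roleMap), true);
}

// Constructed sample input: group DNs as a directory lookup might return them.
$supportUser = array('CN=Support, OU=Groups, DC=example, DC=com');
$lookalike   = array('cn=developers,ou=people,dc=example,dc=com');
var_dump(can('view', $supportUser, $ROLE_MAP), can('commit', $supportUser, $ROLE_MAP));
var_dump(can('commit', $lookalike, $ROLE_MAP));
```

The check runs on the server for every request, and a user whose groups match nothing in the map ends up with an empty permission list.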