
I have an LDAP directory I have to create from scratch. It will handle multiple domains, each containing multiple apps, with separate authorization for each app.

I don't want to duplicate users, and as I learned, a user cannot exist in multiple OUs. So I want a user to be able to access some app on some domain, and some other app on some other domain. What would be the best way to model that?

I thought about `cn=UserXYZ,ou=people,c=multiverse` for one user and `cn=app1,dc=domain,dc=com,c=multiverse` for one app, and then handling each access right in each app, referencing the user from the `people,multiverse` branch.

Am I doing something crazy that wouldn't work? What is the correct way to do this? (The domains won't all be .com.)

Dolanor
  • Don't know your exact requirement, but instead of increasing the complexity of LDAP you can manage user privileges at the application level using a role-based mechanism. – Sunil Bhoi Nov 14 '17 at 06:07
  • Yes, that was the plan. My problem is that I want the users in only one OU, and I guess as close to the root as possible. But is a root that is not a `dc=` possible? I tried with `c=multiverse` and tried to identify with `cn=admin,c=multiverse`, and it doesn't work. So I guess I'm lacking basic LDAP knowledge that I can't seem to grasp/grok. – Dolanor Nov 14 '17 at 10:57
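A constructed LDIF sketch of the layout described in the question, added here as an example (not the asker's data or server configuration): one user store under `ou=people`, one subtree per domain, and each app's access right expressed as a `groupOfNames` whose `member` values are DN references to the single user entry. The suffix `c=multiverse`, the second domain `other.org` and the user details are assumed values; the server's database suffix is assumed to be configured as `c=multiverse`, since entries (and bind DNs such as `cn=admin,c=multiverse`) can only be resolved under a configured suffix.

```ldif
# Constructed example, not from the question. Assumes the directory's
# database suffix is c=multiverse (in OpenLDAP: olcSuffix: c=multiverse).
dn: c=multiverse
objectClass: country
c: multiverse

# Single user store: every person exists exactly once, here.
dn: ou=people,c=multiverse
objectClass: organizationalUnit
ou: people

# userPassword is deliberately left out; set it out of band.
dn: cn=UserXYZ,ou=people,c=multiverse
objectClass: inetOrgPerson
cn: UserXYZ
sn: XYZ
uid: userxyz

# First domain (.com). Intermediate dc=com entry must exist as a parent.
dn: dc=com,c=multiverse
objectClass: dcObject
objectClass: organization
dc: com
o: com

dn: dc=domain,dc=com,c=multiverse
objectClass: dcObject
objectClass: organization
dc: domain
o: domain.com

# Per-app group: membership is the access right. groupOfNames requires
# at least one member, so the first authorized user goes in with it.
dn: cn=app1,dc=domain,dc=com,c=multiverse
objectClass: groupOfNames
cn: app1
member: cn=UserXYZ,ou=people,c=multiverse

# Second domain with a non-.com TLD (assumed name), same pattern.
dn: dc=org,c=multiverse
objectClass: dcObject
objectClass: organization
dc: org
o: org

dn: dc=other,dc=org,c=multiverse
objectClass: dcObject
objectClass: organization
dc: other
o: other.org

# The same user is authorized for app2 without a second user entry.
dn: cn=app2,dc=other,dc=org,c=multiverse
objectClass: groupOfNames
cn: app2
member: cn=UserXYZ,ou=people,c=multiverse
```

Each app then checks access by searching its own group entry for `(member=<user DN>)` after the user has bound successfully against `ou=people,c=multiverse`. Deleting a user entry does not remove its DN from `member` attributes unless the server runs a referential-integrity overlay (OpenLDAP's `refint`), so stale references are something to audit for.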

0 Answers