堆栈内存溢出
  简体   繁体   English

什么是用于存储用户及其成员资格的好 Ldap ObjectClass

[英]What is a good Ldap ObjectClass to use to store a user and it's membership

 原文  2011-05-04 22:45:43       directory/ ldap/ apacheds

问题描述

I'm trying to create a Ldap schema for our users and groups (using ApacheDS but that should not matter)我正在尝试为我们的用户和组创建一个 Ldap 架构(使用 ApacheDS,但这应该没关系)

Currently i have something like this目前我有这样的东西

 (dc=company, dc=com)
   - ou : groups
      - GroupOfNames: cn=users
          -GON: cn subgroup A
              * member : uid = user1
      - GroupOfNames: cn=Admins
              * member : uid=admin

   - ou : users
       - InetOrgePerson uid="admin"
       - InetOrgePerson uid="user1"

Now the problem is I'm trying to connect a portal to use this schema for authentication/group membership.现在的问题是我正在尝试连接一个门户以使用此架构进行身份验证/组成员身份。

The Portal wants the "user" to 'know' the groups it's member of (which is probably more efficient)门户希望“用户”“知道”它所属的组(这可能更有效)

So I would need to have something like所以我需要有类似的东西

- InetOrgePerson uid="admin"
    * memberOf : "cn=admin,cn=groups,cd=company,dc=com"

But inetOrgPerson does not allow any kind of memberOf attribute.... so my question is:但是 inetOrgPerson 不允许任何类型的 memberOf 属性....所以我的问题是:

What kind of Ldap Object class can I use instead of inetOrgPerson that would allow a memberof attribute.我可以使用哪种 Ldap Object class 代替允许 memberof 属性的 inetOrgPerson。

2 个解决方案

解决方案1
 1  2011-05-05 00:03:04

inetOrgPerson. inetOrgPerson。 You don't need a memberOf attribute.您不需要 memberOf 属性。 Just execute a search of the GroupOfNames 'member' attribute.只需执行 GroupOfNames 'member' 属性的搜索。 This is how it is normally done.这就是通常的做法。

解决方案2
 0 已采纳  2011-05-05 10:33:56

Well, the server does matter.好吧,服务器确实很重要。 Since there is no standard for getting group membership in the users entry.由于在用户条目中没有获得组成员资格的标准。

I don't know if Apache DS supports the "memberOf" attribute.我不知道 Apache DS 是否支持“memberOf”属性。 OpenDJ (opendj.org) or OpenDS, SunDSEE do support it via the "isMemberOf" attribute (and could be configured to return either name). OpenDJ (opendj.org) 或 OpenDS,SunDSEE 通过“isMemberOf”属性支持它(并且可以配置为返回任一名称)。

The isMemberOf (or memberOf) is an operational attribute and thus must be explicitly requested in the search query. isMemberOf(或 memberOf)是一个操作属性,因此必须在搜索查询中明确请求。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在LDAP目录服务器架构中定义对象类o和ou? - How to define objectclass o and ou in LDAP directory server schema? 测试 LDAP 用户凭证的简单方法 - Easy way to test an LDAP User's Credentials 什么是用于基于位置的目录的好的CMS? - What is a good CMS to use for a Location Based Directory? 在LDAP中搜索用户 - Searching user in LDAP 在文件夹层次结构中管理资源的良好 RESTful 实践是什么? - What's a good RESTful practice for managing resources in a folder hierarchy? 删除LDAP目录中非叶节点的正确方法是什么 - What is the correct way to delete a non-leaf node in an LDAP directory Ubuntu ldap不会返回所有用户的组 - Ubuntu ldap doesn't return all users's groups 什么是在Windows中导出文件的好目录 - What is a good directory to export files in windows 使用PHP mkdir()创建用户组目录时要使用什么chmod权限 - What chmod permission to use when creating user group directory with PHP mkdir() Windows中用于替换用户名称文件夹的任何通用关键字 - Any universal keyword to be use in place of user's name folder in directory in Windows
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM