defining a schema in LDAP

Rishi Singh
Ranch Hand

Joined: Dec 09, 2000
Posts: 321
Hi all,
We are using OID for authentication and Oracle 9i DB for authorization. Now, based on the database schema, we have to come up with an LDAP schema so that we can move the authorization part in OID. Would like to have some inputs as to how to come up with an OID schema.
Rishi
SCJP,SCWCD
Clayton Donley
Author
Greenhorn

Joined: Mar 03, 2003
Posts: 27
Hello,
It really depends on what you currently have in your database.
If you mostly just associate users with various roles or such within the database, you might be able to simply create various groups to correspond to those various roles. One class that could be used for this purpose is the groupOfUniqueNames class. One could list the people that have that role by listing them inside those group entries.
The alternative is to associate the user-related authorization information directly within the user entries by extending the inetOrgPerson class or such.
If you are storing information about authorization targets, or roles that associate users/groups, actions, and targets, you'll not find a lot of widely used LDAP schema that can be reused with off-the-shelf components, though this doesn't limit you from using LDAP for this purpose (Netegrity and other products do exactly that).
Clayton


Clayton Donley, CTO
Octet String, Inc.
Phone: +1-847-358-9358 ext. 111
Email: clayton.donley@octetstring.com

Author: LDAP Programming, Management, and Integration
Manning: http://www.manning.com/donley/
Amazon: http://www.amazon.com/exec/obidos/ASIN/1930110405/ref%3Dnosim/searchbyisbn/
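The role-to-group mapping described in the reply above, as an added example that is not part of the original thread: it turns (user, role) rows into LDIF with one groupOfUniqueNames entry per role, escaping names so that a value from the database cannot change the structure of a DN. The base DNs, the `uid=` naming of user entries, the sample rows and all function names are assumptions made for illustration.

```python
import base64
import re
from collections import defaultdict

PEOPLE_BASE = "ou=people,dc=example,dc=com"  # assumed suffix, not from the post
GROUPS_BASE = "ou=groups,dc=example,dc=com"  # assumed suffix, not from the post

# Constructed sample of (user, role) rows as a database query might return them.
ROWS = [("rsingh", "order_admin"), ("cdonley", "order_admin"),
        ("cdonley", "report_viewer"), ("smith, j", "report_viewer"),
        ("rsingh", "order_admin")]  # last row is a deliberate duplicate

LDIF_SAFE = re.compile(r"[^\x00\n\r :<][^\x00\n\r]*")  # RFC 2849 SAFE-STRING

def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514) so it cannot alter the DN."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;=' or (ch == "#" and i == 0) or edge_space:
            out.append("\\" + ch)
        else:
            out.append("\\00" if ch == "\x00" else ch)
    return "".join(out)

def ldif_line(attr, value):
    """Emit one LDIF line, base64-encoding values that are not SAFE-STRINGs."""
    if value.isascii() and LDIF_SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def roles_to_ldif(rows):
    """Build one groupOfUniqueNames entry per role, one uniqueMember per user."""
    members = defaultdict(list)
    for user, role in rows:
        dn = f"uid={escape_rdn_value(user)},{PEOPLE_BASE}"
        if dn not in members[role]:  # uniqueMember values must not repeat
            members[role].append(dn)
    entries = []
    for role in sorted(members):
        lines = [ldif_line("dn", f"cn={escape_rdn_value(role)},{GROUPS_BASE}"),
                 "objectClass: top",
                 "objectClass: groupOfUniqueNames",
                 ldif_line("cn", role)]
        lines += [ldif_line("uniqueMember", dn) for dn in members[role]]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(roles_to_ldif(ROWS), end="")
```

groupOfUniqueNames requires at least one uniqueMember value, so a role that has no users in the database produces no entry here and needs separate handling.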
 