[Infrastructures] authentication of groups of users

Nils Ketelsen nils.ketelsen@kuehne-nagel.com
Tue, 03 May 2005 08:53:26 +0200


Joel Huddleston wrote:

>>But what about using LDAP as a directory server and authentication
>>server? What can you do to accomplish the same effect?
> 
> LDAP (and even Hesiod and NIS+) is a hierarchical system, that is, tree
> structured. It is possible to store your users into structural groups and
> select which hosts use which groups in order to limit access. It is my

But if I had a user who needs access to two applications, I would have to
keep his data in two places (because he is in two OUs). Tree structures
suck, but as LDAP is what most systems are able to do, I am currently
trying a different design, where under the user-object there is a set of
account-objects containing username/userpassword and whatever else the
application in question requires as information for this user.

The bind-dn used by the application only has the right to see accounts
that it needs. Anonymous users cannot see any account information at all.

Well, that's the idea; the problem is currently to implement it ... It's
always the simple things that make it hard. Has anyone here ever
installed a Tivoli Directory Server on AIX? I am completely lost at the
moment, as the files the installation guide refers to do not even
exist in the tarball...


Nils
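
The layout described in the message above, modelled as an added example (not part of the original post, and not Tivoli Directory Server configuration): one person entry per user, one account entry per application below it, and a default-deny rule under which an application's bind DN sees only its own accounts. The dc=example,dc=com suffix, the ou=apps bind DNs, the wiki/erp applications and all entries are constructed assumptions.

```python
import re

BASE = "ou=people,dc=example,dc=com"   # assumed suffix
APPS = "ou=apps,dc=example,dc=com"     # assumed home of application bind DNs

# Constructed sample tree: one person entry per user, with one account
# entry per application stored directly below it.
DIRECTORY = {
    f"uid=jdoe,{BASE}": {"cn": "Jane Doe"},
    f"cn=wiki,uid=jdoe,{BASE}": {"username": "jane", "userPassword": "{SSHA}constructed-1"},
    f"cn=erp,uid=jdoe,{BASE}": {"username": "JDOE01", "userPassword": "{SSHA}constructed-2"},
    f"uid=bsmith,{BASE}": {"cn": "Bob Smith"},
    f"cn=wiki,uid=bsmith,{BASE}": {"username": "bob", "userPassword": "{SSHA}constructed-3"},
}

# An account entry is exactly cn=<application>,uid=<user>,<BASE>.
# DNs are matched as plain strings here; a real server normalises them first.
ACCOUNT_DN = re.compile(rf"^cn=([^,]+),uid=[^,]+,{re.escape(BASE)}$", re.I)
APP_BIND_DN = re.compile(rf"^cn=([^,]+),{re.escape(APPS)}$", re.I)


def can_read(bind_dn, entry_dn):
    """Default deny: an application bind DN may read only its own account entries."""
    account = ACCOUNT_DN.match(entry_dn)
    binder = APP_BIND_DN.match(bind_dn or "")  # None or "" is an anonymous bind
    if account is None or binder is None:
        return False
    return account.group(1).lower() == binder.group(1).lower()


def search(bind_dn, base=BASE):
    """Return the entries below base that bind_dn is allowed to see."""
    suffix = "," + base.lower()
    return {dn: attrs for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(suffix) and can_read(bind_dn, dn)}


def person_entries(uid):
    """Person entries for uid: always one, however many applications are used."""
    return [dn for dn in DIRECTORY if dn.lower() == f"uid={uid},{BASE}".lower()]


if __name__ == "__main__":
    for who in (None, f"cn=wiki,{APPS}", f"cn=erp,{APPS}"):
        print(who or "anonymous", "->", sorted(search(who)))
```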
