WebSphere and OpenLDAP, group membership by user attribute

Posted By:   Ignacio_Lacosta
Posted On:   Thursday, May 20, 2004 03:32 AM


Hello,

Nowadays, we have a WebSphere (5.0.2) authenticating users
stored in OpenLDAP 2.1.22, in a standard way:

User Filter: (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter: (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map: inetOrgPerson:uid
Group ID Map: *:cn
Group Member ID Map: groupOfUniqueNames:uniqueMember

Example of directory:

ou=roles
    cn=general
        objectClass: groupOfUniqueNames
        uniqueMember: cn=user1,ou=users,...
        uniqueMember: cn=user2,ou=users,...
        uniqueMember: cn=user3,ou=users,...
        (...)

ou=users
    cn=user1
        objectClass: inetOrgPerson
        cn: user1
        uid: user1
        userPassword: pwd
        sn: test
        givenName: user1
    cn=user1
        ( idem )

So, the "general" role entry is a very huge entry, because
it contains a lot of users. Our LDAP is suffering some
performance degradation and we think that this could be one reason.



The question is: can we set the membership of a role by
adding an attribute in each user record, as Tomcat
does? (In Tomcat's server.xml file, the property
userRoleName points to a user attribute that is the
role name.)

Thanks in advance!



Ignacio.
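
The two membership models the post contrasts, as an added example that is not part of the original post and is not WebSphere's or Tomcat's code: group-side lookup through uniqueMember versus a per-user attribute, plus RFC 4515 escaping of the value substituted for %v in the user filter. The attribute name `role`, the base DN `dc=example,dc=com` and the in-memory directory are constructed assumptions.

```python
import re

USER_FILTER = "(&(uid=%v)(objectclass=inetOrgPerson))"  # template from the post
ROLE_ATTR = "role"  # hypothetical per-user attribute name, not from the post

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(login):
    return USER_FILTER.replace("%v", escape_filter_value(login))

def norm_dn(dn):
    """Cheap DN normalisation: case-fold and drop spaces around separators."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def roles_from_groups(directory, user_dn):
    """Group-side model: every group's uniqueMember list has to be examined."""
    want = norm_dn(user_dn)
    return sorted(e["cn"][0] for e in directory.values()
                  if "groupOfUniqueNames" in e["objectClass"]
                  and want in map(norm_dn, e.get("uniqueMember", [])))

def roles_from_user(directory, user_dn):
    """User-side model: a single read of the user's own entry."""
    return sorted(directory[user_dn].get(ROLE_ATTR, []))

def derive_user_roles(directory):
    """Fill ROLE_ATTR on each user from the group entries, as a migration would."""
    for dn, e in directory.items():
        if "inetOrgPerson" in e["objectClass"]:
            e[ROLE_ATTR] = roles_from_groups(directory, dn)

# Constructed sample directory; the base DN is a placeholder.
BASE = "dc=example,dc=com"
DIRECTORY = {
    "cn=general,ou=roles," + BASE: {
        "objectClass": ["groupOfUniqueNames"], "cn": ["general"],
        "uniqueMember": ["cn=user1,ou=users," + BASE, "CN=user2, ou=users," + BASE]},
    "cn=user1,ou=users," + BASE: {"objectClass": ["inetOrgPerson"], "uid": ["user1"]},
    "cn=user2,ou=users," + BASE: {"objectClass": ["inetOrgPerson"], "uid": ["user2"]},
    "cn=user3,ou=users," + BASE: {"objectClass": ["inetOrgPerson"], "uid": ["user3"]},
}

if __name__ == "__main__":
    derive_user_roles(DIRECTORY)
    for dn in [d for d in DIRECTORY if ",ou=users," in d]:
        print(dn, roles_from_user(DIRECTORY, dn), roles_from_groups(DIRECTORY, dn))
    print(build_user_filter("user1)(uid=*"))
```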
