Subhajit Roy

Reputation: 123

Are GROUPS and ROLES the same thing in OpenDJ LDAP?

I have managed to create a hierarchy structure which has three organizational units, namely:

ou=People || ou=Groups || ou=Role (These are three different nodes under a baseDN)

Under People I have user entries (e.g. edanny), each entry having the objectClass = inetOrgPerson. Under Groups I have entries (e.g. Inventory Dept.) having objectClass = groupOfUniqueNames, and lastly under Role (e.g. Admin) the entries have objectClass = organizationalRole.

Are the above entries the right way to organize a hierarchy in LDAP which requires People group, Role and Organization's Dept.?

Further I have associated each user under People Unit with Roles and Groups in their own attributes roleOccupant and uniqueMember respectively rather than writing each user's role and groups in the user's entry.

Is it the right way?

Upvotes: 1

Views: 1600

Answers (1)

MaVRoSCy

Reputation: 17839

It can be done this way. I would suggest that you remove the Role group and add members in the Groups (basically these will be your roles).

And then you can add the Department of each user as an attribute of each individual user.

If the attributes of the objectclass inetOrgPerson are not enough, you can also add more objectclasses or you can create your own.

So in the end you will have your Users under ou=People and your roles under ou=Groups.

It's not a right or wrong type of question; it can be done using your way, but it will be easier, I think, to follow the above.

Upvotes: 1
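
The layout this answer describes, written out as LDIF. This is an added example, not part of the original answer: the base DN `dc=example,dc=com` and the `cn`/`sn` values are constructed placeholders, and `departmentNumber` is an assumption about which inetOrgPerson attribute holds the department.

```ldif
# Constructed example: base DN and all attribute values are placeholders.
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example

dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups

# User entry: the department is an attribute of the user, not a separate node.
dn: uid=edanny,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: edanny
cn: E Danny
sn: Danny
departmentNumber: Inventory Dept.

# Role modelled as a group under ou=Groups; membership lives on the group
# entry (uniqueMember), so granting or revoking the role is one change here.
dn: cn=Admin,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Admin
uniqueMember: uid=edanny,ou=People,dc=example,dc=com
```

OpenDJ also exposes the `isMemberOf` virtual attribute on user entries, so an application can read a user's roles from the user entry without a separate search over ou=Groups.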
