Reputation: 1
OpenDJ membership attribute for organizationalRole?
I'm planning to use OpenDJ as a backend ldap server to store RBAC. And I'm going to use objectclass=organizationalRole to store Roles (I'm choosing groupOfNames to store Organizational Groups, unnecessarily related with Roles).
As I can see there's an equivalent virtual attribute of isMemeberOf, with which I can easily find out which Organizational Group a person belongs to.
I'm wondering if there's an similar membership attribute for organizationalRole so I can quickly find out which Roles a person belongs to ?
Or any other better solution to do RBAC and Organizational Group in OpenDJ ?
Thanks
Upvotes: 0
Views: 196
Answers (1)
Reputation: 4878
The isMemberOf virtual attribute plugin leverages OpenDJ group manager which currently supports the following static groups: groupOfNames, groupOfUniqueNames and groupOfEntries, and the dynamic groups: groupOfURLs. It does so, regardless of their places in the Directory Information Tree. If you need to support another type of group (like organizationalRole), some code will be required.
Upvotes: 0
Related Questions
- Kubernetes RBAC apiGroup field in RoleBinding and ClusterRoleBinding
- System of User/Role , how to implement other attributes?
- Query LDAP to get Role of a User
- Java AD Group Membership
- Are GROUPS and ROLES the same thing in OpenDJ LDAP?
- Active Directory Group members
- Role-based security implementation in LDAP
- How do I access JAAS roles at arbitrary point in the code?
- JavaEE web.xml - intepreting role-name tags
- How to implement default Roles on a Role Based Access Control