[Grok-dev] LDAP authentication and groups

Jeroen Michiel jmichiel at yahoo.com
Thu Aug 6 11:15:00 EDT 2009


Hi, 

I'm trying to authenticate against our Active Directory server using LDAP.
I got authentication going with ldappas and ldapadapter.

Now I want to assign roles and permissions based on the Groups the user is a
member of, as configured in the Active Directory server (so administration
remains centralized in the AD server). What is the best approach to this?
Should I 
* subscribe to the IPrincipalCreated event and then get the auth plugin via
the authentication attribute of the event and search with the appropriate
ldap identifiers and add the found groups to the groups attribute (perhaps
with a prefix)?
* create my own PrincipalFactory and do the stuff in there?
* Don't use the AD groups, but implement my own in my server, ending up with
decentralized administration.
* ...

Any help or ideas appreciated!

-- 
View this message in context: http://www.nabble.com/LDAP-authentication-and-groups-tp24848493p24848493.html
Sent from the Grok mailing list archive at Nabble.com.



More information about the Grok-dev mailing list