用于存储用户及其成员资格的 Ldap 对象类是什么?
我正在尝试为我们的用户和组创建一个 Ldap 模式(使用 ApacheDS 但这应该不重要)
目前我有这样的东西
(dc=company, dc=com)
- ou : groups
- GroupOfNames: cn=users
-GON: cn subgroup A
* member : uid = user1
- GroupOfNames: cn=Admins
* member : uid=admin
- ou : users
- InetOrgePerson uid="admin"
- InetOrgePerson uid="user1"
现在问题是我正在尝试连接一个门户以使用此模式进行身份验证/组成员身份。
门户网站希望“用户”“知道”它所属的组(这可能更有效)
所以我需要有类似的东西
- InetOrgePerson uid="admin"
* memberOf : "cn=admin,cn=groups,cd=company,dc=com"
但是inetOrgPerson不允许任何类型的memberOf属性....所以我的问题是:
我可以使用哪种 Ldap 对象类来代替允许 memberof 属性的 inetOrgPerson。
I'm trying to create a Ldap schema for our users and groups (using ApacheDS but that should not matter)
Currently i have something like this
(dc=company, dc=com)
- ou : groups
- GroupOfNames: cn=users
-GON: cn subgroup A
* member : uid = user1
- GroupOfNames: cn=Admins
* member : uid=admin
- ou : users
- InetOrgePerson uid="admin"
- InetOrgePerson uid="user1"
Now the problem is I'm trying to connect a portal to use this schema for authentication/group membership.
The Portal wants the "user" to 'know' the groups it's member of (which is probably more efficient)
So I would need to have something like
- InetOrgePerson uid="admin"
* memberOf : "cn=admin,cn=groups,cd=company,dc=com"
But inetOrgPerson does not allow any kind of memberOf attribute .... so my question is:
What kind of Ldap Object class can I use instead of inetOrgPerson that would allow a memberof attribute.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
inetOrgPerson。您不需要 memberOf 属性。只需执行 GroupOfNames 'member' 属性的搜索即可。这就是通常的做法。
inetOrgPerson. You don't need a memberOf attribute. Just execute a search of the GroupOfNames 'member' attribute. This is how it is normally done.
嗯,服务器确实很重要。由于在用户条目中没有获取组成员资格的标准。
我不知道 Apache DS 是否支持“memberOf”属性。 OpenDJ (opendj.org) 或 OpenDS、SunDSEE 通过“isMemberOf”属性支持它(并且可以配置为返回任一名称)。
isMemberOf(或memberOf)是一个操作属性,因此必须在搜索查询中显式请求。
Well, the server does matter. Since there is no standard for getting group membership in the users entry.
I don't know if Apache DS supports the "memberOf" attribute. OpenDJ (opendj.org) or OpenDS, SunDSEE do support it via the "isMemberOf" attribute (and could be configured to return either name).
The isMemberOf (or memberOf) is an operational attribute and thus must be explicitly requested in the search query.