Re: RBAC and LDAP [message #355 is a reply to message #354] |
Thu, 02 November 2006 04:47 |
AJM
Messages: 2369 Registered: April 2006 Location: Surrey, UK
|
Senior Member |
|
|
The problem with this is that it requires software on the client which captures your logon credentials from the operating system so that it can be automatically passed to the web server when you enter the logon screen. That ability does not exist in any web browser, and I'm not sure if it can be done with javascript (which I do not use in Radicore), or whether it can only be done with an ActiveX control (which I also do not use n Radicore).
Even if I could use LDAP to provide a user's login identity I certainly would not use it as a replacement for my RBAC system. LDAP knows nothing of my user roles and tasks and knows nothing about assigning tasks to roles.
You may have read somewhere that using LDAP is "cool", but unless you know and understand the technicalities you will not realise that it also has its down side.
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
|
|
|