Radicore Forum: Menu and Security

Home » RADICORE development » Menu and Security » RBAC and LDAP

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Re: RBAC and LDAP [message #354 is a reply to message #353]

Thu, 02 November 2006 02:16

dennisj
Messages: 4
Registered: November 2006
Location: Australia

Junior Member

Tony,

Thanks for the response.

I have minimal experience with LDAP and Web applications.

1/. Moodle http://moodle.org a php MySQL learning management system. If you turn on LDAP authentication, and point the Moodle application at your LDAP server, then, when a user clicks to logon, it takes the entered credentials and asks the LDAP server, over an LDAP connection, whether that user is allowed to proceed.

2/. An apache server can have the mod_auth_kerb module installed http://modauthkerb.sourceforge.net/ . "Mod_auth_kerb is an Apache module designed to provide Kerberos authentication to the Apache web server. Using the Basic Auth mechanism, it retrieves a username/password pair from the browser and checks them against a Kerberos server as set up by your particular organization." The Kerberos connection can talk to an LDAP server.

Because there is a bit of pressure to centralise identity and permissions management in an LDAP server, it would be great if there was some way for your security system to interact with LDAP.

As I said in my original post I'm not a coder. There is a general article here on this topic... http://www.list.gmu.edu/confrnc/ifip/i01-kluwer01-jpark.pdf
ROLE-BASED ACCESS CONTROL ON THE WEB USING LDAP

The abstract reads...
This paper gives a framework for how to leverage Lightweight Direc-
tory Access Protocol (LDAP) to implement Role-based Access Control
(RBAC) on the Web in the server-pull architecture. LDAP-based di-
rectory services have recently received much attention because they can
support object-oriented hierarchies of entries in which we can easily
search and modify attributes over TCP/IP. To implement RBAC on
the Web, we use an LDAP directory server as a role server that con-
tains users' role information. The role information in the role server is
referred to by Web servers for access control purposes through LDAP
in a secure manner (over SSL). We provide a comparison of this work
to our previous work, RBAC on the Web in the user-pull architecture.

Dennis

[Updated on: Thu, 02 November 2006 02:17]

Report message to a moderator

[Message index]

		RBAC and LDAP By: dennisj on Wed, 01 November 2006 17:42
		Re: RBAC and LDAP By: AJM on Wed, 01 November 2006 18:08
		Re: RBAC and LDAP By: dennisj on Thu, 02 November 2006 02:16
		Re: RBAC and LDAP By: AJM on Thu, 02 November 2006 04:47
		Re: RBAC and LDAP By: dennisj on Fri, 03 November 2006 04:56
		Re: RBAC and LDAP By: AJM on Fri, 03 November 2006 05:19
		Re: RBAC and LDAP By: dennisj on Sun, 05 November 2006 16:27
		Re: RBAC and LDAP By: AJM on Sun, 05 November 2006 16:49
		Re: RBAC and LDAP By: edortizq on Wed, 27 August 2008 11:42
		Re: RBAC and LDAP By: AJM on Wed, 27 August 2008 12:28
		Re: RBAC and LDAP By: edortizq on Wed, 27 August 2008 17:31
		Re: RBAC and LDAP By: AJM on Wed, 27 August 2008 18:00
		Re: RBAC and LDAP By: edortizq on Thu, 28 August 2008 14:19
		Re: RBAC and LDAP By: AJM on Thu, 28 August 2008 15:08
		Re: RBAC and LDAP By: AJM on Sun, 31 August 2008 09:31
		Re: RBAC and LDAP By: edortizq on Sun, 31 August 2008 16:54

Previous Topic:	Task-Field Access::NODISPLAY
Next Topic:	Setting up a limited user

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Apr 19 16:40:22 EDT 2024

Total time taken to generate the page: 0.01168 seconds