tags:

views:

37

answers:

1
Q: 

How can I use active directory to assign permissions to a web application?

I have several web applications developed using PHP and would like to set these up to allow user authentication through active directory (specifically so that users can authenticate using their domain credentials).

I am able to use LDAP to authenticate the user to a group that I have created, but am unsure how I can assign user permissions for the application. In the attributes for my group I noticed a field called "controlAccessRights" which looks like it uses these permissions - do I just need to assign one of these values to the group?

Can anyone provide me with any information on what the best way to assign permissions would be?

Thanks.

+1  A: 

The way I have done it in the past is to use group membership to dictate permissions. You can do a search for the MemberOf attribute of each user:

(&(objectClass=user)(memberOf=CN=example_group*))

Then in your code, you would have an if statement to determine what access rights are necessary based on what group they are a member of.

This may be a bit more readable than using the controlAccessRights attribute. You could have a "Web_Admin" group etc...

Of course there are other ways, I have just found it easy to use groups for website permissions since they are more visible.

Cetra  2010-05-10 09:35:31
Thanks. This is what I had been doing, I was hoping to be able to assign permissions within the group, but it looks like this is still the best solution. Thanks again for your reply.
Matt  2010-05-11 14:26:18

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases