views:

28

answers:

1

Hello,

Consider a classic LDAP usage for authentication and subsequent calls to check whether the user has rights to access an object that is accessible to the groups "foo", "bar" and "baz".

I am wondering if I am allowed to persist the exact role names, i.e. "foo", "bar" and "baz", and then call CurrentUser.IsInRole("Foo") || CurrentUser.IsInRole("Bar") || CurrentUser.IsInRole("Baz")? My answer is no, since the role (group) name could be changed by the directory administrator at any time. But what should be persisted then, an identifier of some kind?

I have stumbled upon a WebSphere configuration section at http://publib.boulder.ibm.com/infocenter/wpdoc/v510/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/wmm_map.html; the bottom line is that the identifier attribute is configured per provider type. Is this accurate, and does it solve the above problem (renamed objects)?

Many thanks!
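The two options the question weighs, persisting group names versus persisting an immutable group identifier, as an added example that is not part of the original post. The directory is a constructed in-memory stand-in, not a real LDAP client, and the names of the identifier attribute are assumptions about the usual products (objectGUID or objectSid in Active Directory, entryUUID per RFC 4530 in OpenLDAP); which attribute is the right one depends on the directory type, which is what per-provider configuration is for. The example resolves names to identifiers once at configuration time, checks access by identifier afterwards, and also shows the caveat that identifier-based ACLs do not survive a group being deleted and recreated under the same name.

```python
import uuid as uuidlib
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Set


@dataclass(eq=False)
class Group:
    """One directory group: an immutable identifier plus a renameable name."""
    uuid: str                                       # assumed: objectGUID (AD) / entryUUID (OpenLDAP)
    name: str                                       # display name the administrator may change
    members: Set[str] = field(default_factory=set)  # user DNs


class ToyDirectory:
    """Constructed in-memory stand-in for an LDAP server (not a real client)."""

    def __init__(self, groups: Iterable[Group]) -> None:
        self._groups: Dict[str, Group] = {g.uuid: g for g in groups}

    def lookup_by_name(self, name: str) -> Group:
        # Group names are compared case-insensitively, as IsInRole does.
        for g in self._groups.values():
            if g.name.lower() == name.lower():
                return g
        raise KeyError(f"no group named {name!r}")

    def groups_of(self, user_dn: str) -> List[Group]:
        return [g for g in self._groups.values() if user_dn in g.members]

    def rename(self, group_uuid: str, new_name: str) -> None:
        self._groups[group_uuid].name = new_name      # identifier is unchanged

    def delete(self, group_uuid: str) -> None:
        del self._groups[group_uuid]

    def create(self, name: str, members: Set[str]) -> Group:
        g = Group(uuid=str(uuidlib.uuid4()), name=name, members=set(members))
        self._groups[g.uuid] = g
        return g


# Approach 1 (what the question proposes): persist the group names themselves.
def acl_from_names(names: Iterable[str]) -> FrozenSet[str]:
    return frozenset(n.lower() for n in names)


def is_allowed_by_name(directory: ToyDirectory, user_dn: str, acl: FrozenSet[str]) -> bool:
    return any(g.name.lower() in acl for g in directory.groups_of(user_dn))


# Approach 2: resolve each configured name to the group's immutable identifier
# once, at configuration time, and persist only the identifiers.
def acl_from_identifiers(directory: ToyDirectory, names: Iterable[str]) -> FrozenSet[str]:
    return frozenset(directory.lookup_by_name(n).uuid for n in names)


def is_allowed_by_identifier(directory: ToyDirectory, user_dn: str, acl: FrozenSet[str]) -> bool:
    # A persisted identifier whose group no longer exists simply never matches (deny).
    return any(g.uuid in acl for g in directory.groups_of(user_dn))


def demo() -> Dict[str, bool]:
    """Walk through a rename and a delete/recreate; return the outcome of each check."""
    alice = "uid=alice,ou=people,dc=example,dc=com"      # constructed user DN
    directory = ToyDirectory([                             # constructed identifiers
        Group(uuid="5d2a9c1e-0f2b-4e7a-9b6c-1f3e8d7c2a10", name="foo", members={alice}),
        Group(uuid="8b7e6f5a-4d3c-4b2a-8190-7e6f5d4c3b2a", name="bar"),
        Group(uuid="c3b2a190-8f7e-4d6c-a5b4-3c2b1a098f7e", name="baz"),
    ])
    configured = ["Foo", "Bar", "Baz"]
    name_acl = acl_from_names(configured)
    id_acl = acl_from_identifiers(directory, configured)

    out: Dict[str, bool] = {}
    out["name_before_rename"] = is_allowed_by_name(directory, alice, name_acl)
    out["id_before_rename"] = is_allowed_by_identifier(directory, alice, id_acl)

    # The directory administrator renames "foo" to "finance".
    foo_uuid = directory.lookup_by_name("foo").uuid
    directory.rename(foo_uuid, "finance")
    out["name_after_rename"] = is_allowed_by_name(directory, alice, name_acl)      # False
    out["id_after_rename"] = is_allowed_by_identifier(directory, alice, id_acl)    # True

    # Caveat: delete-and-recreate yields a new object with a new identifier, so an
    # identifier-based ACL stops matching and must be re-resolved from the name.
    directory.delete(foo_uuid)
    directory.create("finance", {alice})
    out["id_after_recreate"] = is_allowed_by_identifier(directory, alice, id_acl)  # False
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Run as a script to see the five outcomes. The design point is that the name is the administrator's contact surface and the identifier is the application's: keep the human-readable name only as a label next to the stored identifier, and treat an identifier that no longer resolves as a configuration error to surface, not as silent access.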