UKUUG Spring 2009 Conference
24-26 March 2009 in London
Writing Access Control Policies for LDAP
Access Control systems vary from one LDAP server to the next. All of them can implement simple policies, but it may be necessary to design the DIT around the access control requirements. In more complex cases it is essential to choose a server with a very flexible access control language. There are a number of pitfalls in ACL design, some of which cannot be covered by many of the commonly-used server products.
This paper suggests an approach to designing and testing access control rules. It includes worked examples to illustrate some common use-cases.
Andrew Findlay is an independent consultant specialising in Directory Services, data synchronisation, and e-mail systems. He has worked with X.500 and LDAP since 1988, and has designed directory schema for a number of large organisations.
Andrew holds BSc and PhD degrees in Cybernetics from the University of Reading and is an active member of both the IET and the UKUUG.
The slies from this presentation are available in the following formats:
PO BOX 37
SG9 9UQ More information
Page last modified 05 Apr 2009
Copyright © 1995-2009 UKUUG Ltd.