just1mobyte
Technical User
Appreciate the insight of the group.
Have two LDAP directories....AD & SunOne. AD is used corporately and applications don't really use the groups or roles. SunOne is used for 10 companies and is the repository used for web application access control by staff. Of course we have Roles that are application specific.
But have a general question regarding the SunOne Directory for handling selected access. From a design, performance, usage/flexibility, and delegation perspective, is it better to have a scenario like this for apps to use for controlling access at a high level:
Use specific ou='s which can be interrogated by apps
ou=company1
ou=company2
ou=company3
ou=company4
etc....
or...
Have one ou=employees and use Roles to distinguish company that apps can check against.
company1
company2
company3
company4
etc...
Thanks...
Have two LDAP directories....AD & SunOne. AD is used corporately and applications don't really use the groups or roles. SunOne is used for 10 companies and is the repository used for web application access control by staff. Of course we have Roles that are application specific.
But have a general question regarding the SunOne Directory for handling selected access. From a design, performance, usage/flexibility, and delegation perspective, is it better to have a scenario like this for apps to use for controlling access at a high level:
Use specific ou='s which can be interrogated by apps
ou=company1
ou=company2
ou=company3
ou=company4
etc....
or...
Have one ou=employees and use Roles to distinguish company that apps can check against.
company1
company2
company3
company4
etc...
Thanks...