Fellow monks,

I have built a cute application that uses persistent objects stored in LDAP or an RDBMS. It works great, but I soon realized that I need some sort of controlled access to these objects. Not everyone should change a user's password, heh?

Well, a user can change his own password, but not another user's password. The simplest way to implement this is at the Perl level: just add authorization checks to the object persistence layer. When using inheritance the right way, it is a very elegant solution. But ...

I want to access LDAP objects from other environments, not just this simple Perl program. I want access controlled at the LDAP (/database) level as well. An LDAP server has its ACLs. But no two LDAP server products have the same ACLs. What can I do here to make access control unified?

Access control on the LDAP side only is no solution, even if some general way of expressing LDAP ACLs existed. I want the 'change password' button displayed only if the user can change his password, and I cannot check with LDAP (by actually changing the password) every time for this. It would be a huge overhead at the very least. And keeping the ACLs in (possibly many) LDAP servers consistent with the Perl authorization routines will be a real nuisance, or it will become impossible altogether when the system gets larger.

So, how can one poor monk get out of this confusion? Any suggestions appreciated.
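
An added example, not part of the original post: a sketch of the Perl-level approach the post describes, with the authorization check in the persistence layer, refined through inheritance, and the same predicate deciding whether to show the 'change password' button without a directory round trip. The class names `PersistentObject` and `User`, the methods `may` and `set`, and the `userPassword` attribute name are assumptions for illustration; it does not address keeping server-side LDAP ACLs consistent.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical base class: every write goes through may(), which denies by default.
package PersistentObject;
sub new {
    my ($class, %attrs) = @_;
    return bless { %attrs }, $class;
}
sub may { return 0 }    # ($self, $actor, $op, $attr) -> boolean
sub set {
    my ($self, $actor, $attr, $value) = @_;
    die "access denied: $actor->{uid} may not write $attr on $self->{uid}\n"
        unless $self->may($actor, 'write', $attr);
    $self->{$attr} = $value;    # a real store to LDAP or the RDBMS would go here
    return 1;
}

# Subclass rule: a user may write only his own password.
package User;
our @ISA = ('PersistentObject');
sub may {
    my ($self, $actor, $op, $attr) = @_;
    return 1 if $op eq 'write' && $attr eq 'userPassword'
             && $actor->{uid} eq $self->{uid};
    return $self->SUPER::may($actor, $op, $attr);
}

package main;
# Constructed sample users.
my $alice = User->new(uid => 'alice', userPassword => 'old');
my $bob   = User->new(uid => 'bob',   userPassword => 'old');

# The UI asks the same predicate that guards the write.
for my $target ($alice, $bob) {
    my $show = $target->may($alice, 'write', 'userPassword') ? 'show' : 'hide';
    print "alice viewing $target->{uid}: $show 'change password' button\n";
}

$alice->set($alice, 'userPassword', 'new');    # allowed: own password
my $ok = eval { $bob->set($alice, 'userPassword', 'x'); 1 };
print "alice writing bob's password: ", ($ok ? "allowed\n" : "denied: $@");
```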


In reply to Access control problem by gildir
