in reply to Simple Authorization?

Why not use LDAP? (a.k.a. Open Directory?)

As you know, the Apache server has easy built-in support for LDAP-based rules to govern access to any portion of a website. Once the user has passed that level of authentication, this information can be reliably obtained by the application and used for authorization. Not surprisingly, there are hundreds of CPAN modules already out there...

The overwhelming practical advantage of this scheme is that it can be centrally managed, enterprise-wide, from just one console and in one uniform way. Instead of doing “one thing one way for one app,” you do “one thing one way for all of them at once.”
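The division of labour described in this post, as an added example that is not part of the original thread: Apache authenticates the user (for instance against LDAP) and the Perl application only decides what that user may do. It assumes the application runs as CGI behind an Apache location that requires authentication; the user names, roles and the `is_authorized` helper are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed role table for a handful of users (hypothetical names).
my %ROLE_OF = (
    alice => 'admin',
    bob   => 'editor',
    carol => 'viewer',
);

# Actions each role may perform (assumed for illustration).
my %ALLOWED = (
    admin  => { view => 1, edit => 1, manage_users => 1 },
    editor => { view => 1, edit => 1 },
    viewer => { view => 1 },
);

# Decide whether the server-authenticated user may perform $action.
# $env is the CGI environment, normally \%ENV.
sub is_authorized {
    my ($env, $action) = @_;

    # Fail closed: when the web server did not authenticate the request,
    # AUTH_TYPE and REMOTE_USER are absent. Request headers arrive as
    # HTTP_* variables and are never consulted here.
    my $user = $env->{REMOTE_USER};
    return 0 unless defined $env->{AUTH_TYPE} && defined $user;

    # Accept only a conservative user name syntax before the lookup.
    return 0 unless $user =~ /\A[a-z][a-z0-9._-]{0,63}\z/;

    # Unknown users and unknown actions are both denied.
    my $role = $ROLE_OF{$user} or return 0;
    return $ALLOWED{$role}{$action} ? 1 : 0;
}

# Constructed sample environments, standing in for %ENV.
my @cases = (
    [ { AUTH_TYPE => 'Basic', REMOTE_USER => 'alice' }, 'manage_users' ],
    [ { AUTH_TYPE => 'Basic', REMOTE_USER => 'carol' }, 'edit' ],
    [ { AUTH_TYPE => 'Basic', REMOTE_USER => 'mallory' }, 'view' ],
    [ { HTTP_REMOTE_USER => 'alice' }, 'manage_users' ],  # header only, no server auth
);
for my $case (@cases) {
    my ($env, $action) = @$case;
    printf "%-8s %-13s %s\n", $env->{REMOTE_USER} // '(none)', $action,
        is_authorized($env, $action) ? 'allow' : 'deny';
}
```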

Re^2: Simple Authorization?
by pileofrogs (Priest) on Mar 18, 2009 at 22:05 UTC

    Basically, I don't want to maintain an LDAP server.

      Well then, so be it.

      Is there any other existing authentication infrastructure that is already employed elsewhere, that you can cabbage onto? Is it likely that one day there might be a dozen or so other applications out there, all of them needing the “do it just one way” capability that you described for the existing two apps?

      One thing that can be said about companies that have adopted LDAP: they almost-uniformly didn't start out that way. They started from a cacophony of “individually home-grown” applications and, at very-considerable expense mind you, imposed LDAP upon all of them... wishing sorely that they had done so much sooner. Perhaps this observation truly does not apply to you...

        I hope it doesn't. I've run LDAP servers before for various purposes. If I had something beyond the 5 people or so who will actually have a meaningful role, I'd do it.