
I'm working on an identity management system based on LDAP. The integration of the software is done with the help of Spring Security.

One requirement is the possibility to add new permissions to the software, based on groups. So the admin should be able to add a new group with appropriate permissions.

I'm able to do such a thing directly on my server with the .ldif files on the server backend:

```
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=foo,dc=off,dc=com" write
  by anonymous auth
  by self write
  by * none
```

Is it possible to do such a thing with Spring? Or should I rethink my design and work with permission attributes?

  • You've misunderstood the requirement. Changes to `olcAccess` only affect OpenLDAP itself, and should be few and far between once the server is up and running. You will be needing to add new group entries into the DIT, and to be able to enroll users in those groups. – user207421 Jul 27 '15 at 10:16
  • Thanks for your help. I understand this requirement for at least 60% ;-). But when I add a new group and I want to do something special with it, how can I manage this task? For example a new group, which is capable of changing the passwords of the users. To add such a group at the beginning is a standard task. But to add a group and change the LDAP permissions seems to be not possible (over Spring Security). – John Jul 28 '15 at 04:26
  • Correct. You have to do it in the configuration. But you already know you will need such a group. So add it now. – user207421 Aug 01 '15 at 21:38
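
An added example (not code from the question or from the Spring project) of the split the comments describe: the access rule stays in slapd's configuration and names a group, while the application only creates group entries and manages membership through Spring LDAP. The group `cn=pwadmins`, the `ou=groups` container, the class `GroupAdmin`, and a bind account with write access to `ou=groups` are all assumptions.

```java
import javax.naming.Name;
import javax.naming.directory.*;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.support.LdapNameBuilder;

/**
 * Assumes slapd already carries a static rule that grants by group, e.g.
 *   olcAccess: {0}to attrs=userPassword,shadowLastChange
 *     by group.exact="cn=pwadmins,ou=groups,dc=foo,dc=off,dc=com" write
 *     by anonymous auth
 *     by self write
 *     by * none
 * (cn=pwadmins and ou=groups are hypothetical names, set up once by the server admin.)
 */
public class GroupAdmin {
    // Base DN (dc=foo,dc=off,dc=com) is assumed to be set on the ContextSource.
    private final LdapTemplate ldap;

    public GroupAdmin(LdapTemplate ldap) { this.ldap = ldap; }

    // DN of a group relative to the configured base.
    private static Name groupDn(String cn) {
        return LdapNameBuilder.newInstance().add("ou", "groups").add("cn", cn).build();
    }

    /** Create a groupOfNames entry; the schema requires at least one member. */
    public void createGroup(String cn, String firstMemberDn) {
        Attribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("groupOfNames");
        Attributes attrs = new BasicAttributes();
        attrs.put(oc);
        attrs.put("cn", cn);
        attrs.put("member", firstMemberDn); // full DN of the user entry
        ldap.bind(groupDn(cn), null, attrs);
    }

    /** Enroll a user; slapd's group ACL applies on that user's next operation. */
    public void addMember(String cn, String userDn) {
        ldap.modifyAttributes(groupDn(cn), new ModificationItem[] {
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDn))
        });
    }

    /** Revoke by removing the member value; no change to olcAccess is needed. */
    public void removeMember(String cn, String userDn) {
        ldap.modifyAttributes(groupDn(cn), new ModificationItem[] {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", userDn))
        });
    }
}
```

Groups created this way carry directory privileges only if a rule in `olcAccess` already names them; any other group is just data the application can map to its own authorities.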

0 Answers