0

I'm planning to use OpenDJ as a backend LDAP server to store RBAC. And I'm going to use objectclass=organizationalRole to store Roles (I'm choosing groupOfNames to store Organizational Groups, unnecessarily related with Roles).

As I can see there's an equivalent virtual attribute of isMemberOf, with which I can easily find out which Organizational Group a person belongs to.

I'm wondering if there's a similar membership attribute for organizationalRole so I can quickly find out which Roles a person belongs to?

Or any other better solution to do RBAC and Organizational Group in OpenDJ?

Thanks

Feng Xi

1 Answer

0

The isMemberOf virtual attribute plugin leverages OpenDJ group manager which currently supports the following static groups: groupOfNames, groupOfUniqueNames and groupOfEntries, and the dynamic groups: groupOfURLs. It does so, regardless of their places in the Directory Information Tree. If you need to support another type of group (like organizationalRole), some code will be required.

Ludovic Poitou
  • Thanks Ludovic. I guess what you mean by "some code will be required" is to write our own virtual attribute, right? – Feng Xi Aug 12 '16 at 03:16
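
Without a virtual attribute, a person's roles can still be found with a reverse search on roleOccupant, the attribute in which organizationalRole entries list their occupants. The sketch below is an added example, not code from the question, the answer or OpenDJ: it builds that search filter with RFC 4515 escaping, so a DN taken from user input cannot alter the filter, and evaluates the same match over constructed entries. The DNs, entries and function names are assumptions, and the DN comparison is simplified.

```python
# Added example: reverse lookup of organizationalRole membership via roleOccupant.
# ENTRIES and every DN in it are constructed sample data, not from the page.

def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def role_filter(user_dn: str) -> str:
    """Search filter matching every organizationalRole occupied by user_dn."""
    return ('(&(objectClass=organizationalRole)(roleOccupant=%s))'
            % escape_filter_value(user_dn))

def normalize_dn(dn: str) -> str:
    """Simplified comparison key: lowercase and trim each RDN.
    Assumption: no escaped commas in the DN (not full RFC 4514 matching)."""
    return ','.join(part.strip().lower() for part in dn.split(','))

def roles_of(user_dn: str, entries: dict) -> list:
    """Client-side equivalent of running role_filter() against the directory."""
    wanted = normalize_dn(user_dn)
    return sorted(
        dn for dn, attrs in entries.items()
        if 'organizationalRole' in attrs.get('objectClass', [])
        and wanted in {normalize_dn(o) for o in attrs.get('roleOccupant', [])}
    )

ENTRIES = {
    'cn=auditor,ou=roles,dc=example,dc=com': {
        'objectClass': ['top', 'organizationalRole'],
        'roleOccupant': ['uid=fxi,ou=people,dc=example,dc=com'],
    },
    'cn=admin,ou=roles,dc=example,dc=com': {
        'objectClass': ['top', 'organizationalRole'],
        'roleOccupant': ['uid=lpo,ou=people,dc=example,dc=com',
                         'UID=fxi, OU=people, DC=example, DC=com'],
    },
    # A groupOfNames entry: covered by isMemberOf, ignored by the role lookup.
    'cn=staff,ou=groups,dc=example,dc=com': {
        'objectClass': ['top', 'groupOfNames'],
        'member': ['uid=fxi,ou=people,dc=example,dc=com'],
    },
}

if __name__ == '__main__':
    user = 'uid=fxi,ou=people,dc=example,dc=com'
    print(role_filter(user))
    print(roles_of(user, ENTRIES))
```

For this lookup to stay fast on a real directory, roleOccupant needs an equality index.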