Better directory management with LDAP

**TechGate** · 28-12-2009

Hi,
I am spirited reading of the documentation to implement a client extra-net based on LDAP. And I would like clarification on the following:

1) The difference between a directory white pages and yellow pages? (this is the level of the search criteria)

2) "Directories to better manage the application access":
assume that I share a directory between users and applications, I also define the access rights of those latter applications. When a user wants to access the application from such a web page, how the control of those rights take place? is in the directory or I have to write code at my web page to verify if indeed the right to use the application?

3) Under the project extra-net, clients must access their invoices from a web page. What I know is that customers and products are listed in the directory. And then the bills? directory too?

Thank you and excuse me if the questions are too stupid or too bright.

**Solomon** · 28-12-2009

Hi,
I think I have the answer to the first question. A white pages directory is to locate people, while the yellow pages directory is to locate any object other than a person: applications for example, as computers, etc.. I hope this information will help you. Sorry, for the second I have no answer. But you will surely get information from this site.

Dr. V · 28-12-2009

Hi
Answer for your second question.
I am not an expert in the matter, but it seems that the precise directory undefined users and their rights. An application uses an authentication API that can (but need not) rely ultimately on the LDAP directory. Obviously, we must write code to implement the API authentication and "connect" has the LDAP database. I do not know what is the language you use, but if by chance it is pure Java API authentication and LDAP to exist already, just implement a couple of interfaces in your code. Well after I also know that AC is PHP, but how, I have no idea.

**TechGate** · 28-12-2009

Hello
So if I understand the definition of ACL is to improve security and ensure that safety rules are implemented in each application. But it is for developers of applications to respect these rules is when trying to access the directory information.
So I try to answer myself to my question 2: it is primarily at the application level and then at the directory. The application must comply with safety rules defined in the directory or an error is generated if the application tries to violate the rules defined in the directory.Am I Correct? If not please guide.

Dr. V · 28-12-2009

Hi
If you work in Java you should still throw a glance at the API JAAS (Java Authetification and Security).
This is standard for a secure service authenfication in Java. By utilizing this framework each access to your application to be chosen correctly.
This does not prevent you from tapper in JNDI to access the directory, but JAAS can separate the authentication and roles (permissions) whatever infrastructure of security (LDAP or a single file).
Otherwise I have not had time to re-find the lib that I had to ream Implementer a JAAS based application in an LDAP directory.

**Solomon** · 28-12-2009

Hey

So if I understand the definition of ACL is to improve security and ensure that safety rules are implemented in each application. But it is for developers of applications to respect these rules is when trying to access the directory information.

I think that everything that concerns the processing (bills, or whatever you want) should be deposited in a storage unit (eg DataBase).
By cons I do not understand why the products are referenced in the directory? Some undefined users have a clear role for the products.