Re: Accessing Open Directory Information
Re: Accessing Open Directory Information
- Subject: Re: Accessing Open Directory Information
- From: Joe Little <email@hidden>
- Date: Wed, 6 Jul 2005 11:31:19 -0700
The EOModeler JNDI wizard does allow you to authenticate user name and
password. I've yet to get OD to do such since it wants SASL for
authenticated binds. For non-authenticated binds, you simply leave the
username/password blank, choose SIMPLE for the bind, and use a correct
URL, like ldap://myserver.mydomain.com:389/dc=myserver,dc=mydomain,dc=com
I believe that WO never designed a secure interface for this, as it
seems to neither support SASL authentication (which OD uses for non
secure connections) nor SSL for encypting simple binds. However, for
the question at hand, a simple bind for non auth would be fine.
You'll select organ*, inetorgperson, group*, person, posix* as the
tables to get.
In this specific case, if you are simple using "groups" you may just
ideally get PosixGroup and PosixAccount as you may not care about the
other hierarchies or the person attributes beyond what you find in a
GECOS field
On 7/6/05, Chuck Hill <email@hidden> wrote:
> Joe,
>
> Do you know if you can you use an LDAP bind against OpenDirectory to
> authenticate user name / password?
>
> Chuck
>
>
> On Jul 5, 2005, at 11:46 PM, Joe Little wrote:
>
> > Open Directory, among other things, is just OpenLDAP 2.1.x. Use the
> > JNDIAdaptor against your LDAP server. You won't have access to
> > passwords and such, but if you just want groupings, you can query
> > which groups a user belongs, or the memberships of a specific group.
> > By making them EOs, you can mostly avoid all the LDAP specific
> > knowledge you would otherwise need.
> >
> > On 7/5/05, Colin Shreffler <email@hidden> wrote:
> >
> >> What is the best way to access Open Directory information via Web
> >> Objects? Does Apple provide an Open Directory API?
> >>
> >> Specifically I need to incorporate role-based security
> >> (authorization) into my application. One approach would be to add
> >> users to groups in Open Directory and then check to see if the
> >> user is a member of that group before granting access to certain
> >> content.
> >>
> >> If anyone has any information about alternative methods of
> >> providing role-based security in Web Objects or about an API that
> >> will allow me to see if a User in Open Directory is a member of a
> >> particular Group, I'd be most grateful :)
> >>
> >> Cheers!
> >> -c
> >>
> >>
> >>
> >>
> >> ________________________________________________________________
> >> Sent via the WebMail system at warp9software.com
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Do not post admin requests to the list. They will be ignored.
> >> Webobjects-dev mailing list (email@hidden)
> >> Help/Unsubscribe/Update your Subscription:
> >> 40gmail.com
> >>
> >> This email sent to email@hidden
> >>
> >>
> > _______________________________________________
> > Do not post admin requests to the list. They will be ignored.
> > Webobjects-dev mailing list (email@hidden)
> > Help/Unsubscribe/Update your Subscription:
> > 40global-village.net
> >
> > This email sent to email@hidden
> >
> >
>
> --
> Practical WebObjects - a book for intermediate WebObjects developers
> who want to increase their overall knowledge of WebObjects, or those
> who are trying to solve specific application development problems.
> http://www.global-village.net/products/practical_webobjects
>
>
>
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden