Utilizing IBM Directory Server proxy authorization (impersonation) within Web applications
Web applications providing gateway access to LDAP services, such as
an enterprise-wide phone and mail directory, are usually
designed to authenticate using an LDAP "superuser" account.
As a result, the user reads and updates the directory according
to the rights of that highly privileged account
instead of his/her own LDAP privileges.
IBM Tivoli Directory Server offers a powerful
feature, known as proxied authorization (RFC 4370),
which enables programmers to write applications
that authenticate themselves using a specific account but operate
on behalf of the real user, thus delegating all
privilege enforcement to the LDAP server.
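The sketch below is an added example, not code from the original article or from IBM. It shows what a gateway attaches to each LDAP request after binding with its own account: the RFC 4370 control carrying the authzId of the user authenticated in the web session. The function names and the uid=<user>,<base DN> entry layout are assumptions made for illustration.

```python
# Added example: build the RFC 4370 Proxied Authorization control by hand.
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # control OID from RFC 4370


def _ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in '"+,;<>\\' or (i == 0 and ch in " #")
              or (i == len(value) - 1 and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def authz_id_for(session_uid, base_dn):
    """Map the web session's authenticated user to an authzId.
    The uid=<user>,<base_dn> layout is an assumption for this example."""
    if not session_uid:
        raise ValueError("no authenticated user; refusing to proxy")
    return "dn:uid=%s,%s" % (escape_dn_value(session_uid), base_dn)


def proxy_authz_control(authz_id):
    """Control ::= SEQUENCE { controlType, criticality, controlValue }.
    An empty authzId requests anonymous authorization (RFC 4370)."""
    if authz_id and not authz_id.startswith(("dn:", "u:")):
        raise ValueError("authzId must be 'dn:<DN>' or 'u:<userid>'")
    return _tlv(0x30,
                _tlv(0x04, PROXY_AUTHZ_OID.encode("ascii"))   # controlType
                + _tlv(0x01, b"\xff")                         # criticality TRUE
                + _tlv(0x04, authz_id.encode("utf-8")))       # authzId
```

Criticality is set to TRUE, as RFC 4370 requires, so a server that cannot honor the control fails the request rather than running it with the gateway account's rights.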