LDAP configuration query

worldofdavep

Joined: 2013-02-01
Posts: 1
Posted: Fri, 2013-02-01 11:39

Hi, I'm evaluating g3 to replace an existing system we have (old server, no-one knows how to maintain it).

LDAP authentication will be a key requirement, so I've installed a test g3 on a CentOS (6) server and put the LDAP plugin in.

What we want to achieve is:
- The main admin account is NOT reliant on LDAP (suicide when there is an LDAP problem)
- certain accounts should have full upload photo / create album / edit rights
- everyone else gets read only access

We don't want to be faffing around with creating groups in LDAP for this, or extra attributes. cn is our username attribute - our tree is quite complicated, but all our other PHP / java servlet webapps out of the box just search within o=our_org and search subcontexts fine to track down users.

From messages I've seen so far, g3 can only have the built in authentication OR ldap - so as long as I can say 'these LDAP usernames can have editing rights' that is fine. But it's complaining that I haven't specified groups.

Can I achieve this, and if so how?

Thanks