Consider a classic LDAP usage for authentication and consequent calls to check if the user 开发者_JAVA技巧has rights to access an object accessible to groups "foo", "bar" and "baz".
I am wondering if I am allowed to persist exact role names, i.e. "foo", "bar" and "baz" and then make CurrentUser.IsInRole("Foo") || CurrentUser.IsInRole("Bar") || CurrentUser.IsInRole("Baz") ? My answer is no since the role (group) name could be changed by the directory administrator at any time. But what to persist, an identifier of a kind?
I have stumbled upon a WebSphere configuration section at http://publib.boulder.ibm.com/infocenter/wpdoc/v510/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/wmm_map.html, the bottom line is that the identifier attribute is configured per provider type. Is this accurate and does it solve the above problem (renamed objects)?
Many thanks!
Any directory admin that goes around changing role names needs his head examined frankly. You have to 'persist' something, not that 'persist' is really the correct term, and the CN is as good as anything else, much better than most. All the examples and samples I've ever seen used hard coded role names.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论