Impersonating a user in LDAP (ApacheDS) in Java

I'm working with LDAP (ApacheDS) in Java, and I was wondering if it's possible to impersonate a user using the system account. More specifically, I have different groups in the LDAP directory, and I need to allow users to modify entries under a group, but only the group this particular user belongs to. For example, if there is the following group:

o=acme

And an administrator of that group:

cn=admin,o=acme

I want to impersonate the admin user using the system account credentials, and allow them to make changes only in the acme group.

I will elaborate since the above is not clear enough:

Let's say user A logs in. He is an administrator of ou=Group A. If, some time after logging in, he performs an action that requires a connection to LDAP, it means that his credentials should be stored in the session to allow him to connect. I want to avoid that, and impersonate user A using the system/some other admin account without needing user A's password.

Thank you in advance.

There are 1 best solutions below

Why? Just create your own admin-app account for use by the application, with the same privileges as the user admin account. Don't use the system account; that's for use by LDAP itself.
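
Added example, not part of the original answer: when the application writes through one account of its own, as suggested above, the per-group limit from the question has to be enforced by the application before each modification. The class and method names are hypothetical, the sample DNs are constructed, and the sketch assumes the logged-in user's group base DN is kept in the session instead of a password.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Scope check run before the application modifies an entry over its own account's connection. */
public class GroupScopeGuard {

    /**
     * Returns true only if targetDn lies strictly below groupBaseDn.
     * DNs are parsed and compared RDN by RDN, so differences in case or spacing,
     * escaped commas and look-alike suffixes do not pass the way a string
     * endsWith() check would let them. Anything that does not parse is denied.
     * Assumption: the group entry itself is not editable by its admin.
     */
    static boolean isWithinGroup(String groupBaseDn, String targetDn) {
        try {
            LdapName base = new LdapName(groupBaseDn);
            LdapName target = new LdapName(targetDn);
            // LdapName numbers components from the right, so startsWith()
            // matches the root-most RDNs, i.e. the group's base DN.
            return !base.isEmpty()
                    && target.size() > base.size()
                    && target.startsWith(base);
        } catch (InvalidNameException e) {
            return false; // fail closed on malformed input
        }
    }

    public static void main(String[] args) {
        // Base DN of the group administered by cn=admin,o=acme (from the question).
        String adminGroup = "o=acme";
        // Constructed target DNs, as they might arrive in a modify request.
        String[] targets = {
            "cn=bob,o=acme",
            "CN=Bob, O=ACME",
            "cn=bob,o=acme2",
            "cn=x\\,o=acme,o=other",
            "o=acme",
            "not a dn"
        };
        for (String t : targets) {
            System.out.println(t + " -> " + (isWithinGroup(adminGroup, t) ? "allow" : "deny"));
        }
    }
}
```

Only requests that pass this check should reach the connection bound as the application account.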