Posted to dev@ofbiz.apache.org by "Adrian Crum (JIRA)" <ji...@apache.org> on 2007/03/13 17:59:09 UTC

[jira] Commented: (OFBIZ-811) Authentication using LDAP

    [ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12480478 ] 

Adrian Crum commented on OFBIZ-811:
-----------------------------------

Mohamed Amine,

Thank you for contributing this work! I could use LDAP authentication here. After a quick review of your patches, I would like to make some suggestions:

1. Put the LDAP settings in their own properties file. It can reside in the framework/security/config folder. The security.properties file should contain only settings that apply to ALL security authentication schemes.

2. Put the LDAP authentication code in its own .java file. Then have LoginServices call the authentication code if the installation has been configured for LDAP. In other words, reduce the LoginServices.java modification to a simple if () statement that calls code in another file.

3. If the LDAP authentication is successful, update OFBiz's entities with the current data (login name and password) so that both systems stay in sync. OFBiz's built-in authentication can then be used as a backup, should the LDAP server become unavailable.

So, the LoginServices logic should look something like this:

If configured for LDAP and LDAP server is available
  Authenticate using LDAP
Else
  Authenticate using OFBiz

4. Apache has an LDAP server. If your modification used the Apache LDAP code, then licensing shouldn't be an issue.


> Authentication using LDAP
> -------------------------
>
>                 Key: OFBIZ-811
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-811
>             Project: OFBiz (The Open for Business Project)
>          Issue Type: New Feature
>          Components: framework
>         Environment: all
>            Reporter: Mohamed Amine AZZI
>            Priority: Trivial
>         Attachments: LoginServices.java.diff, security.properties.diff
>
>
> This feature would enable OFBiz users to authenticate their users using an LDAP. I developed that change in response to a customer request who wanted his employees to use the same passwords they use when opening a Windows session.
> The solution was to recreate the same usernames in the Party manager with an unused password, and redirect the authentication to the LDAP when needed. The choice is made in the security.properties file. All parameters needed to connect to the LDAP are there also.
> After authentication all authorizations are taken out from the Party manager. This would give the same feature used by SharePoint, which is called cross privileges.
> The change is minor as you would see, but very helpful for people needing the same feature.

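A sketch of the structure suggested in points 2 and 3 of the comment above, as an added example that is not part of the original message, the attached patches or OFBiz's code. The class name, the `uid=...` DN pattern, the timeout and the `localCheck` callback (standing in for OFBiz's built-in authentication) are assumptions. It separates "the directory rejected the credentials" from "the directory could not answer", so the local fallback applies only in the second case.

```java
import java.util.Hashtable;
import java.util.function.BiPredicate;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

/** Hypothetical helper kept outside LoginServices, which would only call login(). */
public class LdapAuthenticator {
    public enum Result { AUTHENTICATED, REJECTED, UNAVAILABLE }

    private final String url;    // assumed to come from the separate LDAP properties file
    private final String baseDn; // assumed layout: users live directly under this DN

    public LdapAuthenticator(String url, String baseDn) {
        this.url = url;
        this.baseDn = baseDn;
    }

    public Result authenticate(String username, String password) {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so refuse it before contacting the directory.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return Result.REJECTED;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the user name so it cannot change the structure of the bind DN.
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + Rdn.escapeValue(username) + "," + baseDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // milliseconds
        try {
            new InitialDirContext(env).close(); // a successful bind proves the password
            return Result.AUTHENTICATED;
        } catch (AuthenticationException e) {
            return Result.REJECTED;             // the directory answered: bad credentials
        } catch (NamingException e) {
            return Result.UNAVAILABLE;          // unreachable, timed out or misconfigured
        }
    }

    /** Falls back to the local check only when the directory could not answer. */
    public boolean login(String user, String pass, BiPredicate<String, String> localCheck) {
        Result r = authenticate(user, pass);
        return r == Result.AUTHENTICATED || (r == Result.UNAVAILABLE && localCheck.test(user, pass));
    }
}
```

With this split, a password the directory has rejected is never retried against the locally synchronised copy; the local copy is consulted only while the LDAP server is unavailable.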