Posted to user@ofbiz.apache.org by stewie <an...@o2.pl> on 2011/09/13 09:19:00 UTC
OFBiz privileges management with LDAP
Hi.
I am working on a project which is using OFBiz as a framework.
I have already found some information about integrating OFBiz with CAS and
LDAP.
But the only information I found is about performing authentication.
Unfortunately, I need more advanced functionality. The concept is to keep
all privilege rules in a central server working with LDAP, independently
from the OFBiz database. For example, when some user logs in and wants to
show/modify some of his project tasks, he can only see the data that he is
allowed to by some rules stored on an external server.
Are there any solutions to this problem already present, or do I have to
implement this all on my own?
Thank you for your time.
Re: OFBiz privileges management with LDAP
Posted by BJ Freeman <bj...@free-man.net>.
There has been a lot of discussion on both the Dev and User mailing lists
over the years. Searching the archives or googling "ofbiz LDAP" should get
you them.
You can review the code in specialpurpose/ldap
It is compiled but not loaded.
stewie sent the following on 9/13/2011 12:19 AM:
> Hi.
>
> I am working on a project which is using OFBiz as a framework.
> I have already found some information about integrating OFBiz with CAS and
> LDAP.
> But the only information I found is about performing authentication.
> Unfortunately, I need more advanced functionality. The concept is to keep
> all privilege rules in a central server working with LDAP, independently
> from the OFBiz database. For example, when some user logs in and wants to
> show/modify some of his project tasks, he can only see the data that he is
> allowed to by some rules stored on an external server.
> Are there any solutions to this problem already present, or do I have to
> implement this all on my own?
>
> Thank you for your time.
>
>
Re: OFBiz privileges management with LDAP
Posted by andromeda <an...@o2.pl>.
On 13 September 2011 11:11 "Jacques Le Roux" <ja...@les7arts.com> wrote:
> For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security
I know that and I find it pretty useful, but unfortunately my client's requirement is to use an external LDAP server for privilege management, so I have to find a solution to reconstruct this part of OFBiz. For now I don't have a clear vision.
Anyway, thanks for the link.
Re: OFBiz privileges management with LDAP
Posted by Jacques Le Roux <ja...@les7arts.com>.
For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security
Jacques
From: "Adrian Crum" <ad...@sandglass-software.com>
> CAS/LDAP is only used for authentication, not for authorization.
>
> -Adrian
>
> On 9/13/2011 8:19 AM, stewie wrote:
>> Hi.
>>
>> I am working on a project which is using OFBiz as a framework.
>> I have already found some information about integrating OFBiz with CAS and
>> LDAP.
>> But the only information I found is about performing authentication.
>> Unfortunately, I need more advanced functionality. The concept is to keep
>> all privilege rules in a central server working with LDAP, independently
>> from the OFBiz database. For example, when some user logs in and wants to
>> show/modify some of his project tasks, he can only see the data that he is
>> allowed to by some rules stored on an external server.
>> Are there any solutions to this problem already present, or do I have to
>> implement this all on my own?
>>
>> Thank you for your time.
>>
Re: OFBiz privileges management with LDAP
Posted by Adrian Crum <ad...@sandglass-software.com>.
A rewrite has been proposed:
https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+Security+Redesign
and a repository branch was created to implement and demonstrate it:
https://svn.apache.org/repos/asf/ofbiz/branches/executioncontext20091231
-Adrian
On 9/13/2011 10:15 AM, andromeda wrote:
> On 13 September 2011 10:59 Adrian Crum <ad...@sandglass-software.com> wrote:
>
>> CAS/LDAP is only used for authentication, not for authorization.
> I was afraid that would be the answer.
> I have already noticed that OFBiz has pretty complex privilege management of its own, storing rules in its database.
> I am wondering now whether it would be hard to rewrite this part of OFBiz and force it to use LDAP, or whether a better idea is to start from scratch and build my own module.
Re: OFBiz privileges management with LDAP
Posted by andromeda <an...@o2.pl>.
On 13 September 2011 10:59 Adrian Crum <ad...@sandglass-software.com> wrote:
> CAS/LDAP is only used for authentication, not for authorization.
I was afraid that would be the answer.
I have already noticed that OFBiz has pretty complex privilege management of its own, storing rules in its database.
I am wondering now whether it would be hard to rewrite this part of OFBiz and force it to use LDAP, or whether a better idea is to start from scratch and build my own module.
Re: OFBiz privileges management with LDAP
Posted by Adrian Crum <ad...@sandglass-software.com>.
CAS/LDAP is only used for authentication, not for authorization.
-Adrian
On 9/13/2011 8:19 AM, stewie wrote:
> Hi.
>
> I am working on a project which is using OFBiz as a framework.
> I have already found some information about integrating OFBiz with CAS and
> LDAP.
> But the only information I found is about performing authentication.
> Unfortunately, I need more advanced functionality. The concept is to keep
> all privilege rules in a central server working with LDAP, independently
> from the OFBiz database. For example, when some user logs in and wants to
> show/modify some of his project tasks, he can only see the data that he is
> allowed to by some rules stored on an external server.
> Are there any solutions to this problem already present, or do I have to
> implement this all on my own?
>
> Thank you for your time.
>