Posted to user@ofbiz.apache.org by stewie <an...@o2.pl> on 2011/09/13 09:19:00 UTC

OFBiz privileges management with LDAP

Hi.

I am working on a project which is using OFBiz as a framework.
I have already found some information about integrating OFBiz with CAS and
LDAP.
But the only information I found is about performing authentication.
Unfortunately, I need more advanced functionality. The concept is to keep
all privilege rules in a central server working with LDAP, independently
from the OFBiz database. For example, when some user logs in and wants to
show/modify some of his project tasks, he can only see the data that he is
allowed to by some rules stored on an external server.
Are there any solutions to this problem already present, or do I have to
implement this all on my own?

Thank you for your time.


Re: OFBiz privileges management with LDAP

Posted by BJ Freeman <bj...@free-man.net>.
There has been a lot of discussion on both the Dev and User mailing lists
over the years. Searching the archives or googling "ofbiz LDAP" should get
you them.
You can review the code in specialpurpose/ldap.
It is compiled but not loaded.

stewie sent the following on 9/13/2011 12:19 AM:
> Hi.
> 
> I am working on a project which is using OFBiz as a framework.
> I have already found some information about integrating OFBiz with CAS and
> LDAP.
> But the only information I found is about performing authentication.
> Unfortunately, I need more advanced functionality. The concept is to keep
> all privilege rules in a central server working with LDAP, independently
> from the OFBiz database. For example, when some user logs in and wants to
> show/modify some of his project tasks, he can only see the data that he is
> allowed to by some rules stored on an external server.
> Are there any solutions to this problem already present, or do I have to
> implement this all on my own?
> 
> Thank you for your time.
> 
> 

Re: OFBiz privileges management with LDAP

Posted by andromeda <an...@o2.pl>.
On 13 September 2011 11:11, "Jacques Le Roux" <ja...@les7arts.com> wrote:

> For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

I know that and I find it pretty useful, but unfortunately my client's requirement is to use an external LDAP server for privileges management, so I have to find a solution to reconstruct this part of OFBiz. For now I don't have a clear vision.
Anyway, thanks for the link.

Re: OFBiz privileges management with LDAP

Posted by Jacques Le Roux <ja...@les7arts.com>.
For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

Jacques

From: "Adrian Crum" <ad...@sandglass-software.com>
> CAS/LDAP is only used for authentication, not for authorization.
> 
> -Adrian
> 
> On 9/13/2011 8:19 AM, stewie wrote:
>> Hi.
>>
>> I am working on a project which is using OFBiz as a framework.
>> I have already found some information about integrating OFBiz with CAS and
>> LDAP.
>> But the only information I found is about performing authentication.
>> Unfortunately, I need more advanced functionality. The concept is to keep
>> all privilege rules in a central server working with LDAP, independently
>> from the OFBiz database. For example, when some user logs in and wants to
>> show/modify some of his project tasks, he can only see the data that he is
>> allowed to by some rules stored on an external server.
>> Are there any solutions to this problem already present, or do I have to
>> implement this all on my own?
>>
>> Thank you for your time.
>>


Re: OFBiz privileges management with LDAP

Posted by Adrian Crum <ad...@sandglass-software.com>.
A rewrite has been proposed:

https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+Security+Redesign

and a repository branch was created to implement and demonstrate it:

https://svn.apache.org/repos/asf/ofbiz/branches/executioncontext20091231

-Adrian

On 9/13/2011 10:15 AM, andromeda wrote:
> On 13 September 2011 10:59, Adrian Crum<ad...@sandglass-software.com> wrote:
>
>> CAS/LDAP is only used for authentication, not for authorization.
> I was afraid that would be the answer.
> I have already noticed that OFBiz has a pretty complex privileges management of its own, storing rules in its database.
> I am wondering now if it would be hard to rewrite this part of OFBiz and force it to use LDAP, or whether a better idea is to start from scratch and build my own module.

Re: OFBiz privileges management with LDAP

Posted by andromeda <an...@o2.pl>.
On 13 September 2011 10:59, Adrian Crum <ad...@sandglass-software.com> wrote:

> CAS/LDAP is only used for authentication, not for authorization.

I was afraid that would be the answer.
I have already noticed that OFBiz has a pretty complex privileges management of its own, storing rules in its database.
I am wondering now if it would be hard to rewrite this part of OFBiz and force it to use LDAP, or whether a better idea is to start from scratch and build my own module.

Re: OFBiz privileges management with LDAP

Posted by Adrian Crum <ad...@sandglass-software.com>.
CAS/LDAP is only used for authentication, not for authorization.

-Adrian

On 9/13/2011 8:19 AM, stewie wrote:
> Hi.
>
> I am working on a project which is using OFBiz as a framework.
> I have already found some information about integrating OFBiz with CAS and
> LDAP.
> But the only information I found is about performing authentication.
> Unfortunately, I need more advanced functionality. The concept is to keep
> all privilege rules in a central server working with LDAP, independently
> from the OFBiz database. For example, when some user logs in and wants to
> show/modify some of his project tasks, he can only see the data that he is
> allowed to by some rules stored on an external server.
> Are there any solutions to this problem already present, or do I have to
> implement this all on my own?
>
> Thank you for your time.
>