You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Trenton Perceval <tr...@gmail.com> on 2012/06/05 13:05:40 UTC
Logging into OFBiz with LDAP
Hi.
I have configured my OFBiz instance to use CAS and LDAP during
authentication and it works.
The problem is, that every user, which is present in LDAP, is logged in with
full admin privileges.
Why is it so?
How to force OFBiz to import some groups from LDAP and behave appropriately,
namely:
- there are some groups in LDAP
- OFBiz treats different groups in different ways in terms of privileges
I looked into the code and it seems that LDAP module is not too complex,
rather not finished. Am I wrong?
How to achieve this groups mapping?
--
View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Logging into OFBiz with LDAP
Posted by Adrian Crum <ad...@sandglass-software.com>.
I am not familiar with the CAS integration, but I can comment on the
basic LDAP authentication implemented within the framework. That
integration was intended to allow an OFBiz user to use the same
credentials as their LDAP credentials - nothing more. There were some
plans to expand the integration in the way you suggest, but that effort
didn't get much support.
-Adrian
On 6/5/2012 12:05 PM, Trenton Perceval wrote:
> Hi.
>
> I have configured my OFBiz instance to use CAS and LDAP during
> authentication and it works.
> The problem is, that every user, which is present in LDAP, is logged in with
> full admin privileges.
> Why is it so?
> How to force OFBiz to import some groups from LDAP and behave appropriately,
> namely:
> - there are some groups in LDAP
> - OFBiz treats different groups in different ways in terms of privileges
>
> I looked into the code and it seems that LDAP module is not too complex,
> rather not finished. Am I wrong?
> How to achieve this groups mapping?
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Logging into OFBiz with LDAP
Posted by Jacques Le Roux <ja...@les7arts.com>.
For that people should rather subscribe to this and other OFBiz MLs
Using only the Nabble is not enough, because we don't receive their emails here, so much people miss them.
This is explained in the "more options" links in the title of the OFBiz forums at Nabble, and easy way is to go to
http://ofbiz.apache.org/mailing-lists.html
We will soon add a small tagline in the title to clarify this
Jacques
Le 10/07/2015 11:18, Sharan-F a écrit :
> Hi
>
> I'm sorry but I'm not a developer or technical so can't help you because I
> don't know. Hopefully someone else from the community will respond and be
> able to help you.
>
> Thanks
> Sharan
>
>
>
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243p4670888.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>
Re: Logging into OFBiz with LDAP
Posted by Sharan-F <sh...@gmail.com>.
Hi
I'm sorry but I'm not a developer or technical so can't help you because I
don't know. Hopefully someone else from the community will respond and be
able to help you.
Thanks
Sharan
--
View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243p4670888.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Logging into OFBiz with LDAP
Posted by Sharan-F <sh...@gmail.com>.
Hi
I found this documention regarding LDAP and CAS in the existing Webhelp the
ofbizextra demo (login using admin/ofbiz)
https://demo.ofbizextra.org/ofbizhelp/webtools_fr/content/CASLDAP.html
Hope this helps.
Thanks
Sharan
--
View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243p4670881.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Logging into OFBiz with LDAP
Posted by "shi.jinghai" <hu...@hotmail.com>.
Hi Trenton,
It's a history problem. I contributed the LDAP module in 2008. Yes, you're right, it's not finished as the dns were not parsed.
You can add that part by:
1. add user's dns to cas attributes by person directory (change cas server).
2. parse the dn attributes and get the right user name/groups (ofbiz).
3. login the user (ofbiz).
Good luck,
Shi Jinghai
On 2012-6-5, at 下午7:05, Trenton Perceval wrote:
> Hi.
>
> I have configured my OFBiz instance to use CAS and LDAP during
> authentication and it works.
> The problem is, that every user, which is present in LDAP, is logged in with
> full admin privileges.
> Why is it so?
> How to force OFBiz to import some groups from LDAP and behave appropriately,
> namely:
> - there are some groups in LDAP
> - OFBiz treats different groups in different ways in terms of privileges
>
> I looked into the code and it seems that LDAP module is not too complex,
> rather not finished. Am I wrong?
> How to achieve this groups mapping?
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>