I don't think password synchronisation would be a common enough use case to
add to Acegi Security. I'm open to others' views on that, though...

The way I'd approach this is to embody all of the logic inside the
AuthenticationDao. Your AuthenticationDao can maintain its own "backup" list
of users and roles, and consult this if the primary LDAP authentication is
down. Each time it accesses the primary LDAP system, it would overwrite the
local users and roles record. 

An issue is how to handle deletion. If a user isn't found on the primary
LDAP system, the local replica could be checked and any record(s) removed.
Alternatively, messaging could be used, where your LDAP server notifies
interested listeners it has removed or updated a record, perhaps over JMS.
Listeners can then update their local caches.

Many LDAP products also offer replica capabilities. It would save you
re-inventing your own replication model. Would it be possible to have an
LDAP server collocated with the web server, which can receive updates from
the master LDAP server using its own native approach?

Best regards
Ben 


________________________________

        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Shishir K. Singh
        Sent: Tuesday, 8 June 2004 3:14 AM
        To: [EMAIL PROTECTED]
        Subject: [Acegisecurity-developer] Password Synchronization
        
        
        I was wondering how to approach password synchronization.
         
        The use case is:
         
        a) There is an enterprise-wide authentication system via LDAP.
        b) There's a custom web application that maintains its own user
        list and roles (say, a local user list). Only if the users exist in the
        local user list will they be validated against the LDAP for password
        authentication (if this is active). 
        c) If for some reason the LDAP is down, the user should be able to
        bypass the authentication and log in using the local authentication. For
        this, I always need to synchronize the successful password login to the
        local password (one-way encoded, of course). 
         
        I was wondering how to implement this using Acegi. Do you think that
        this is outside the security domain and should be handled separately? Or
        can a new method, say synchronizePassword (in the DAO provider for now),
        be added just like loadUserByUsername?
         
        Thanks
        Shishir




_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
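An added example of the "primary directory plus local replica" AuthenticationDao that Ben sketches above, including his deletion handling. This is not code from the thread and not Acegi code: the Directory interface and the two exception types are hypothetical stand-ins for the LDAP lookup and for Acegi's UsernameNotFoundException / Spring's DataAccessException, and the in-memory map stands in for the local user table, so the file compiles and runs against a plain JDK (8 or later). The two points the thread leaves implicit are made explicit: the replica is consulted only when the primary is unreachable, never when the primary rejected the password, and the replica stores a salted PBKDF2 hash rather than the one-way digest alone.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical DAO: authenticates against the primary directory, mirrors successes locally. */
public final class FallbackAuthenticationDao {
    private static final int PBKDF2_ITERATIONS = 100_000; // slow on purpose: the replica is an offline-crack target
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;

    private final Directory primary;
    private final SecureRandom random = new SecureRandom();
    private final Map<String, ReplicaRecord> replica = new HashMap<>(); // a DB table in a real deployment

    public FallbackAuthenticationDao(Directory primary) { this.primary = primary; }

    /** Roles on success, empty on bad credentials. Replica is used ONLY when the primary is unreachable. */
    public Optional<Set<String>> authenticate(String username, char[] password) throws UserNotFoundException {
        try {
            Optional<Set<String>> roles = primary.bind(username, password);
            if (roles.isPresent()) {
                byte[] salt = new byte[SALT_BYTES];            // fresh salt on every overwrite
                random.nextBytes(salt);
                replica.put(username, new ReplicaRecord(salt, pbkdf2(password, salt), roles.get()));
            }
            return roles;                                      // a rejected password never falls through
        } catch (UserNotFoundException e) {
            replica.remove(username);                          // primary is authoritative: purge the local row
            throw e;
        } catch (DirectoryUnavailableException e) {
            ReplicaRecord r = replica.get(username);
            if (r == null) throw new UserNotFoundException(username);
            boolean ok = MessageDigest.isEqual(r.hash, pbkdf2(password, r.salt)); // constant-time compare
            return ok ? Optional.of(r.roles) : Optional.empty();
        }
    }

    /** Hook for the JMS-style listener Ben mentions: the directory announces a removal. */
    public void onUserRemoved(String username) { replica.remove(username); }

    public boolean hasReplica(String username) { return replica.containsKey(username); }

    private static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        }
    }

    /** Demo against a constructed in-memory directory that can be switched off. */
    public static void main(String[] args) throws Exception {
        boolean[] up = {true};
        Directory ldap = (user, pw) -> {
            if (!up[0]) throw new DirectoryUnavailableException("ldap://directory.example: connection refused");
            if (!"alice".equals(user)) throw new UserNotFoundException(user);
            if (Arrays.equals(pw, "s3cret".toCharArray())) return Optional.of(Collections.singleton("ROLE_USER"));
            return Optional.empty();
        };
        FallbackAuthenticationDao dao = new FallbackAuthenticationDao(ldap);

        System.out.println("primary up, good pw:   " + dao.authenticate("alice", "s3cret".toCharArray()).isPresent());
        up[0] = false;
        System.out.println("primary down, good pw: " + dao.authenticate("alice", "s3cret".toCharArray()).isPresent());
        System.out.println("primary down, bad pw:  " + dao.authenticate("alice", "wrong!".toCharArray()).isPresent());
        up[0] = true;
        try { dao.authenticate("bob", "x".toCharArray()); } catch (UserNotFoundException e) { System.out.println(e.getMessage()); }
        System.out.println("bob replicated:        " + dao.hasReplica("bob"));
    }
}

/** Stand-in for the LDAP lookup: a successful bind yields the user's roles. */
interface Directory {
    Optional<Set<String>> bind(String username, char[] password)
            throws UserNotFoundException, DirectoryUnavailableException;
}

/** A replica row: salted PBKDF2 hash plus roles; the password itself is never stored. */
final class ReplicaRecord {
    final byte[] salt;
    final byte[] hash;
    final Set<String> roles;
    ReplicaRecord(byte[] salt, byte[] hash, Set<String> roles) {
        this.salt = salt;
        this.hash = hash;
        this.roles = Collections.unmodifiableSet(new HashSet<>(roles));
    }
}

/** Primary positively reports no such user (cf. Acegi's UsernameNotFoundException). */
class UserNotFoundException extends Exception {
    UserNotFoundException(String user) { super("no such user: " + user); }
}

/** Primary cannot be reached at all (cf. Spring's DataAccessResourceFailureException). */
class DirectoryUnavailableException extends Exception {
    DirectoryUnavailableException(String why) { super(why); }
}
```

Two caveats worth keeping in mind with this design. First, the fallback branch must key off the directory being unreachable, not off an authentication failure: if a bad password at the primary were allowed to fall through to the replica, a password changed or disabled in LDAP would keep working locally until the next successful primary login. Second, the replica is a copy of everyone's credential material sitting next to the web application, so it needs a deliberately slow, salted hash and the same access controls as the directory itself; an LDAP-native replica, as Ben suggests, avoids owning that problem at all.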
