IMO #1 is good, have we figured out how to support roles within LDAP from IS? --Srinath
On Mon, Oct 11, 2010 at 6:34 AM, Hasini Gunasinghe <hasi...@wso2.com> wrote: > Hi Samisa, > > On Mon, Oct 4, 2010 at 9:25 AM, Samisa Abeysinghe <sam...@wso2.com> wrote: > >> Once we have the LDAP user base wrapped with IS, we want the >> organizational roles to be mapped to the roles that can be defined in IS. >> >> AFAIK, We can do this in two ways: > 1. groups can be created in LDAP store according to the required roles and > users can be assigned to the relevant group. When the IS is connected with > LDAP, those roles are shown in admin's account under > home>configure>users>roles; as 'external roles' and the permission can be > configured to each role through IS. > 2. Roles can be created from the admin account of IS, users in the LDAP > user store can be assigned to the roles and permission can be configured. > Here the roles are shown as 'internal roles' and it is not reflected on > external LDAP, may be because they are stored in the internal h2 database. > Therefore, IMO it is better to do it in the 1st method, because if we need > to export the LDAP store for some other purpose, the defined roles are also > there in the LDAP store. > > Do we have any guidelines doing this? >> > Above is not a guideline as such, but two ways that I found possible for > creating roles, assigning users and configuring permission. Hope I answered > the question at least to some extent. > >> Note that, the main concern is the strict role based access to various >> resources across the organization. That need to map one-to-one to those >> roles defines in IS. >> > Thanks, >> Samisa... >> >> Samisa Abeysinghe >> VP Engineering >> WSO2 Inc. >> http://wso2.com >> http://wso2.org >> >> >> >> _______________________________________________ >> Carbon-dev mailing list >> Carbon-dev@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > Thanks. > Hasini. > > -- > Hasini Gunasinghe > e-mail: hasi...@wso2.com > > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- ============================ Srinath Perera, Ph.D. Senior Software Architect, WSO2 Inc. Visiting Lecturer, University of Moratuwa Member, Apache Software Foundation Member, Lanka Software Foundation Blog: http://srinathsview.blogspot.com/
_______________________________________________ Carbon-dev mailing list Carbon-dev@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev