[jira] [Commented] (CONNECTORS-515) Support also for openldap, not only activedirectory

Tue, 28 Aug 2012 05:54:12 -0700 

    [ 
https://issues.apache.org/jira/browse/CONNECTORS-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443131#comment-13443131
 ] 

Karl Wright commented on CONNECTORS-515:
----------------------------------------

Hi Maciej,

ManifoldCF is set up to project a repository's security model to the search 
results.  This means in general that we do not expect users to set up a 
secondary security model, which indeed would be a burden for people in an 
enterprise.  So, for a given repository X, we presume that it has a security 
model requiring authority Y.

For specific repositories that do not support native security, such as local 
directories, I could see adopting an external security model.  However, this 
would require modifications to the repository connectors in question, and may 
be best modeled by creating an entirely new authority connector which deals in 
user and group names rather than SIDs.  The repository connectors in question 
that might benefit from this would be:

(1) Local filesystem connector
(2) JDBC connector - although I think we'd preferentially want users to be able 
to control security via database tables in that case
(3) Wiki, web, and rss connectors - although once again I think we'd need a 
more fine-grained approach

I'm not sure about Samba either - I'll have to review my notes as to what we 
for security did vis-a-vis the JCIFs connector, which is what we use to crawl 
Samba shares.


                
> Support also for openldap, not only activedirectory
> ---------------------------------------------------
>
>                 Key: CONNECTORS-515
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-515
>             Project: ManifoldCF
>          Issue Type: New Feature
>          Components: Active Directory authority
>            Reporter: Maciej Lizewski
>            Priority: Minor
>
> Current authority supports only ActiveDirectory. Would be nice to have also 
> support for plain openLDAP and three kinds of groups:
> - memberOf attribute in user (InetOrgPerson) entry
> - posixGroup entry with memberUid attribute
> - groupOfNames entry with member attribute

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to