[jira] [Commented] (CONNECTORS-515) Support also for openldap, not only activedirectory

Tue, 28 Aug 2012 07:24:08 -0700 

    [ 
https://issues.apache.org/jira/browse/CONNECTORS-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443190#comment-13443190
 ] 

Maciej Lizewski commented on CONNECTORS-515:
--------------------------------------------

Whenever it can be supported - repository's security model SHOULD be projected 
to search index. My point was that there are many cases when it cannot be 
mapped automatically. We cooperate with many small-to-medium companies and none 
of them use ActiveDirectory. I know that this means they have mess but (I 
think) this is the case for centralised search index, which helps them maintain 
documents in several places with very prymitive privileges. There is no point 
for additional index when company is organised and uses SCM (Alfresco), because 
Alfresco already has Lucene built-in...

About samba - I was thinking about per-share configurations (we are using them 
in our company): you have got ldap with users and groups, they are mapped (with 
nsswitch, pam_ldap, etc) to system users and groups under linux, and samba 
shares are configured so that only specific group (single group) of users has 
access to such share. Because we have also "roles" implemented as groups (in 
example there is a group "projectmanager", "developer") and separate groups for 
project types, we can specify what group has access to a share and it suits our 
needs.


                
> Support also for openldap, not only activedirectory
> ---------------------------------------------------
>
>                 Key: CONNECTORS-515
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-515
>             Project: ManifoldCF
>          Issue Type: New Feature
>          Components: Active Directory authority
>            Reporter: Maciej Lizewski
>            Priority: Minor
>
> Current authority supports only ActiveDirectory. Would be nice to have also 
> support for plain openLDAP and three kinds of groups:
> - memberOf attribute in user (InetOrgPerson) entry
> - posixGroup entry with memberUid attribute
> - groupOfNames entry with member attribute

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to