[
https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12480478
]
Adrian Crum commented on OFBIZ-811:
-----------------------------------
Mohamed Amine,
Thank you for contributing this work! I could use LDAP authentication here.
After a quick review of your patches, I would like to make some suggestions:
1. Put the LDAP settings in its own properties file. It can reside in the
framework/security/config folder. The security.properties file should contain
only settings that apply to ALL security authentication schemes.
2. Put the LDAP authentication code in its own .java file. Then have
LoginServices call the authentication code if the installation has been
configured for LDAP. In other words, reduce the LoginServices.java modification
to a simple if () statement that calls code in another file.
3. If the LDAP authentication is successful, update OFBiz's entities with the
current data (login name and password) so that both systems stay in sync.
OFBiz's built-in authentication can then be used as a backup, should the LDAP
server become unavailable.
So, the LoginServices logic should look something like this:
If configured for LDAP and LDAP server is available
Authenticate using LDAP
Else
Authenticate using OFBiz
4. Apache has an LDAP server. If your modification used the Apache LDAP code,
then licensing shouldn't be an issue.
> Authentication using LDAP
> -------------------------
>
> Key: OFBIZ-811
> URL: https://issues.apache.org/jira/browse/OFBIZ-811
> Project: OFBiz (The Open for Business Project)
> Issue Type: New Feature
> Components: framework
> Environment: all
> Reporter: Mohamed Amine AZZI
> Priority: Trivial
> Attachments: LoginServices.java.diff, security.properties.diff
>
>
> this feature, would enable Ofbiz users to authenticate their users using an
> LDAP. I developed that change in response to a customer request who wanted
> his employees to use the same passwords they use when openning a windows
> session.
> the solution was to recreate the same usernames in the Party manager with an
> unused password. and redirect the authentication to the LDAP when needed. The
> choice is made in the security.properties file. all parameters needed to
> connect to the LDAP are there also.
> After authentication all authorizations are taken out from the Party manager.
> This would give the same feature used by SharePoint, which is called cross
> privileges
> the change is minor as you would see, but very helpfull for people needing
> the same feature.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
