[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12512716 ]

Adrian Crum commented on OFBIZ-811:
-----------------------------------

Torsten,

The patch that Amine provided had a block of LDAP code inserted in the 
LoginServices file. My suggestion was to put that block of code in its own 
file, then have a simple if statement in LoginServices that would call that 
block of code. I don't know how to say that any simpler.

I agree that the user login code is monolithic. Making major changes to the 
login code would be very time-consuming. I'm picturing this issue resulting in 
a small change to the login code that would call an LDAP authentication method 
in addition to the current OFBiz authentication. "Pluggable authentication" 
would be nice, but there don't seem to be the resources available to make it 
happen. So instead, let's try to get a minimal version of LDAP authentication 
into the project. Amine's implementation achieves that, but I would like to see 
the code organized differently.




> Authentication using LDAP
> -------------------------
>
>                 Key: OFBIZ-811
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-811
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>         Environment: all
>            Reporter: Mohamed Amine AZZI
>            Assignee: Si Chen
>            Priority: Trivial
>         Attachments: ldap_properties.patch, LoginServices.java.diff, 
> security.properties.diff
>
>
> This feature would enable OFBiz users to authenticate their users using an 
> LDAP. I developed that change in response to a customer request who wanted 
> his employees to use the same passwords they use when opening a Windows 
> session.
> The solution was to recreate the same usernames in the Party manager with an 
> unused password, and redirect the authentication to the LDAP when needed. The 
> choice is made in the security.properties file. All parameters needed to 
> connect to the LDAP are there also.
> After authentication all authorizations are taken out from the Party manager. 
> This would give the same feature used by SharePoint, which is called cross 
> privileges.
> The change is minor, as you would see, but very helpful for people needing 
> the same feature.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
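
The organization suggested in the comment above (LDAP code in its own file, one `if` in the login service) combined with the properties-file switch from the issue description, as an added sketch that is not part of the original message, the attached patches, or OFBiz. The class name, property keys and sample values are assumptions, and the sketch goes beyond the thread by showing two guards an LDAP bind check needs: rejecting empty passwords and escaping the user name in the bind DN.

```java
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Hypothetical helper in its own file (not OFBiz code). Call site in the login service:
//   if (LdapAuthenticator.enabled(props)) ok = new LdapAuthenticator(props).authenticate(user, pw);
public final class LdapAuthenticator {
    private final String url;       // constructed example: ldaps://ldap.example.test:636
    private final String dnPattern; // constructed example: uid=%s,ou=people,dc=example,dc=test

    public LdapAuthenticator(Properties security) {
        // Property names are assumptions for this sketch, not keys from the attached patches.
        this.url = security.getProperty("example.ldap.url");
        this.dnPattern = security.getProperty("example.ldap.dn.pattern");
    }

    // True when the properties file selects LDAP; defaults to the existing local check.
    public static boolean enabled(Properties security) {
        return Boolean.parseBoolean(security.getProperty("example.ldap.enabled", "false"));
    }

    // Escape the user name so characters such as ',' or '+' cannot alter the DN structure.
    String bindDn(String username) {
        return String.format(dnPattern, Rdn.escapeValue(username));
    }

    // Simple bind as the user; NamingException propagates if the directory is unreachable.
    public boolean authenticate(String username, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind (RFC 4513),
        // which a server may accept, so refuse it before contacting the directory.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // bind succeeded: credentials are valid
            return true;
        } catch (AuthenticationException e) {
            return false; // directory rejected the credentials
        }
    }
}
```

A simple bind sends the password to the directory in the clear unless the URL uses `ldaps://` or the connection is otherwise protected by TLS.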
