Adrian, I guess you mean unified authentation and unified authoration. In pratice, unified authoration is useless.
Shi Yusen/Beijing Langhua Ltd. 在 2008-06-19四的 19:53 -0700,Adrian Crum写道: > --- On Thu, 6/19/08, David E Jones <[EMAIL PROTECTED]> wrote: > I've had this discussion probably nearly 100 times with different > clients and different people, and been involved in over a dozen > different LDAP and SSO implementation. Based on that and reading this > a few things come to mind: > > 1. only put in LDAP what other applications can share, since that is > the whole point: sharing data in standard structures (as much as such > things exist...); putting as much as possible into LDAP only adds > effort with no reward, and in fact can cause performance and other > problems compared to having that data in a database > > So, what about keeping OFBiz permissions in LDAP? Did you read my reply to > Al? That's what I'm hoping to achieve - sharing OFBiz permissions with > network management applications. > > -Adrian > > > >