Thank you David! My English is not good enough to express what I'm thinking precisely. :)
Yes, "different ways of organizing and interpreting permissions".

Shi Yusen/Beijing Langhua Ltd.

On Thu, 2008-06-19 at 22:30 -0600, David E Jones wrote:
> I'm not sure if this is what you mean Shi, but I think we're on the
> same page with the problem with this: different applications tend to
> have different permission sets, business processes that pass through
> the applications, different ways of organizing and interpreting
> permissions, and so on. You could configure groups of users in LDAP
> (along with the authentication info), but adding permissions as well is
> not terribly useful.
>
> Some applications certainly put their permissions in LDAP, and are
> made to be configured entirely through LDAP, which becomes a data
> store that is an alternative to a relational database. However, it
> doesn't mean that other applications will be able to share that
> permission data, it just won't mean anything in the other apps.
>
> -David
>
>
> On Jun 19, 2008, at 10:26 PM, Shi Yusen wrote:
>
> > Adrian,
> >
> > I guess you mean unified authentication and unified authorization. In
> > practice, unified authorization is useless.
> >
> > Shi Yusen/Beijing Langhua Ltd.
> >
> >
> > On Thu, 2008-06-19 at 19:53 -0700, Adrian Crum wrote:
> >> --- On Thu, 6/19/08, David E Jones <[EMAIL PROTECTED]> wrote:
> >> I've had this discussion probably nearly 100 times with different
> >> clients and different people, and been involved in over a dozen
> >> different LDAP and SSO implementations. Based on that and reading this
> >> a few things come to mind:
> >>
> >> 1. only put in LDAP what other applications can share, since that is
> >> the whole point: sharing data in standard structures (as much as such
> >> things exist...); putting as much as possible into LDAP only adds
> >> effort with no reward, and in fact can cause performance and other
> >> problems compared to having that data in a database
> >>
> >> So, what about keeping OFBiz permissions in LDAP? Did you read my
> >> reply to Al? That's what I'm hoping to achieve - sharing OFBiz
> >> permissions with network management applications.
> >>
> >> -Adrian