[ http://jira.nuxeo.org/browse/NXP-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florent Guillaume updated NXP-1082:
-----------------------------------

    Description: 
UserManager Improvements
========================

Performances and robustness
---------------------------
Done in M3.


Mapping
-------

The virtual group mapping should be indirect to administrators and members.
These virtual groups are very much like roles. The name of these roles should 
be configurable.
We should reintroduce the Role Directory concepts.

This role mapping should occur at userManager level.
At directory level, we must provide an automatic group mapping :
 - all users from one directory = group with the same name as the directory
 - all users from one directory => member of some other groups

Directories Improvements
=========================

Group Mapping :
---------------
Directories must support virtual group mapping.
2 built-in virtual groups per directory :
 - one for all users
 - one for directory admins

Domain association :
--------------------
A directory is a community of users.
A domain is a community of content.

Directory level groups will be used to define permission at domain level.
Users from one directory can have access to one or several domains.

Symmetrically, from one domain, users can have access to one or more directories.

A dedicated ACL could be used to store this at domain level.

  was:
UserManager Improvements
========================

Performances and robustness
---------------------------
Done in M3.


Mapping
-------

The virtual group mapping should be indirect to administrators and members.
These virtual groups are very much like roles. The name of these roles should 
be configurable.
We should reintroduce the Role Directory concepts.

This role mapping should occur at userManager level.
At directory level, we must provide an automatic group mapping :
 - all users from one directory = group with the same name as the directory
 - all users from one directory => member of some other groups

Multi-Directory support
-----------------------
UserManager should support several directories for users.
For groups, we have the same need, we need at least aggregated directories when 
groups are handled directly in an LDAP server.

As in CPS Directories can be :
 - stacked : users = users from directory A + users from Directory B
 - aggregated : 1 user = n fields from directory A + m fields from Directory B

The typical use case for the meta-directory is Users from LDAP with some 
application specific fields that are stored in a separate database.

Unlike in CPS, we could simplify the complexity of Meta and Stacking 
directories by only addressing the user/group use case :
 - the stacking and meta aggregation are done by user manager not by the 
directory
 - stacking and meta are only supported at one level : meta over stacking

There could be use cases for more complex associations, but we will handle it 
when needed ...

At login time, the user will be searched in all directories and authentication 
will occur on first match.

Directories Improvements
=========================

Group Mapping :
---------------
Directories must support virtual group mapping.
2 built-in virtual groups per directory :
 - one for all users
 - one for directory admins

Domain association :
--------------------
A directory is a community of users.
A domain is a community of content.

Directory level groups will be used to define permission at domain level.
Users from one directory can have access to one or several domains.

Symmetrically, from one domain, users can have access to one or more directories.

A dedicated ACL could be used to store this at domain level.


Multiple directories support for UserManager moved to a separate task NXP-1500.



> NXDirectories improvements
> -------------------------
>
>                 Key: NXP-1082
>                 URL: http://jira.nuxeo.org/browse/NXP-1082
>             Project: Nuxeo Enterprise Platform 5
>          Issue Type: Improvement
>            Reporter: Thierry Delprat
>            Assignee: George Lefter
>             Fix For: 5.2 M1
>
>
> UserManager Improvements
> ========================
> Performances and robustness
> ---------------------------
> Done in M3.
> Mapping
> -------
> The virtual group mapping should be indirect to administrators and members.
> These virtual groups are very much like roles. The name of these roles should 
> be configurable.
> We should reintroduce the Role Directory concepts.
> This role mapping should occur at userManager level.
> At directory level, we must provide an automatic group mapping :
>  - all users from one directory = group with the same name as the directory
>  - all users from one directory => member of some other groups
> Directories Improvements
> =========================
> Group Mapping :
> ---------------
> Directories must support virtual group mapping.
> 2 built-in virtual groups per directory :
>  - one for all users
>  - one for directory admins
> Domain association :
> --------------------
> A directory is a community of users.
> A domain is a community of content.
> Directory level groups will be used to define permission at domain level.
> Users from one directory can have access to one or several domains.
> Symmetrically, from one domain, users can have access to one or more 
> directories.
> A dedicated ACL could be used to store this at domain level.

-- 
This message is automatically generated by JIRA.