Ian,
We are talking here about internal users. The directory I'm accessing
keeps a copy of the structure of the organization I'm making the
application for. As you say, I use this directory to give different
access rights to each users regarding their absolute and relative
position (a manager may authorize requests from employees under his
organizational unit, but not in others). Anyway, there is some info
specific to the application that cannot be kept in the directory, so I
use my database for this purpose.
Under this scenario it made sense for us to make some abstraction
that would isolate us from LDAP and database access, and we thought of
an entity bean representing our users. Keep in mind that we have also
the application administrator role, that may change permissions for
other users. Our entity bean provides us methods for all those things:
asking for permissions, asking for relation between two employees,
changing rights for an user,...
Any thoughts about this?
Regards
Jose
Ian McCallion wrote:
> Jose González Gómez wrote:
>
>> I have an ejb named User that models an user interacting with my
>> application. I need this as the actions this user may do in the
>> application depend on his position in a directory I access through LDAP.
>> I keep some info I need about the user in a database, as this info is
>> not in the directory. This way the bean encapsulates all the needed
>> access to LDAP and database.
>>
>> My problem is that in ejbLoad I need to connect to LDAP and database,
>> and in ejbStore I connect only to the database, as the info in LDAP will
>> never be changed in my application. I get the connections to the
>> database from the connection pool of my app server, but there's no
>> connection pooling for LDAP connnections, so the ejbLoad operation takes
>> a lot of time in making this connection time after time.
>>
>> What could I do? Should I make my own connection pooling mechanism
>> for LDAP? Is this possible under J2EE? Any other ideas about this?
>
>
> There are two reasons to know who your users are:
>
> 1. So that you can limit their authority e.g. a supervisor, front-office
> clerk and a backoffice clerk are allowed to do different things.
>
> 2. So that you can "know your users" e.g. give them access to their
> account, keep track of what they like to do when visiting your site,
> etc.
>
> Clearly 1. is related to internal users and 2. is related to customers or other
> external users.
>
> I do not recommend keeping information about external users in LDAP as your
> requirements for access to the information are almost certain to exceed LDAP's
> ability to provide it.
>
> So use LDAP for internal users of your application, but keep ALL external user
> data in a database only.
>
>
> Ian McCallion
> Alexis Systems Limited
> Romsey, UK
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
