Where does one specify the LDAP or Active Directory to use, when implementing the "ldap_authentication.patch" from https://issues.apache.org/jira/browse/OFBIZ-811 ...?

Thanks
In the framework/security/config/jndiLdap.properties file:

1. Change the java.naming.provider.url property to point to your LDAP or AD server.

2. Change the ldap.dn.template property to specify the distinguished name you are authenticating to. Read the comment just above the property.

What you put in the ldap.dn.template property depends upon how your directory is set up. I used JXplorer to view my directory and to try out different DNs.

The basic idea is to use the same context that the network user typically logs in to. For example, if all of your OFBiz users are members of an organizational unit (ou), then you would put that organizational unit in the ldap.dn.template property.

-Adrian

Wicus wrote:
> Where does one specify the LDAP or Active Directory to use, when implementing
> the "ldap_authentication.patch" from
> https://issues.apache.org/jira/browse/OFBIZ-811 ...?
>
> Thanks
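As an added illustration (not code from the thread or from the OFBiz patch) of how the two properties above are consumed: a small Python routine that reads a constructed jndiLdap.properties, expands ldap.dn.template for a given user login, and escapes the login per RFC 4514 so that a login containing commas or equals signs cannot alter the structure of the bind DN. The %u placeholder, the host name and the OU are assumptions; check the comment above ldap.dn.template in your own copy for the real placeholder.

```python
import re

# Constructed sample of framework/security/config/jndiLdap.properties
SAMPLE_PROPERTIES = """\
# JNDI settings for the LDAP authentication patch (constructed example)
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url=ldap://ad.example.test:389
# %u is replaced with the OFBiz user login id (assumed placeholder)
ldap.dn.template=cn=%u,ou=OFBizUsers,dc=example,dc=test
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

# RFC 4514 section 2.4: characters that must be backslash-escaped inside a DN value
_DN_SPECIAL = re.compile(r'([\\,+"<>;=])')

def escape_dn_value(value):
    """Escape a user-supplied string before embedding it in a DN."""
    escaped = _DN_SPECIAL.sub(r"\\\1", value)   # single pass, so '\' is handled too
    if escaped.startswith(("#", " ")):          # leading '#' or space is special
        escaped = "\\" + escaped
    if escaped.endswith(" ") and not escaped.endswith("\\ "):
        escaped = escaped[:-1] + "\\ "          # trailing space is special
    return escaped.replace("\x00", "\\00")

def build_bind_dn(template, user_login):
    """Fill the ldap.dn.template placeholder with an escaped login (assumed %u)."""
    if "%u" not in template:
        raise ValueError("ldap.dn.template has no %u placeholder")
    return template.replace("%u", escape_dn_value(user_login))

def bind_target(properties_text, user_login):
    """Return (provider URL, bind DN) the LDAP login would use for this user."""
    props = parse_properties(properties_text)
    dn = build_bind_dn(props["ldap.dn.template"], user_login)
    return props["java.naming.provider.url"], dn

if __name__ == "__main__":
    print(bind_target(SAMPLE_PROPERTIES, "jdoe"))
```

The escaped form is what a JNDI SECURITY_PRINCIPAL should receive; because the template holds a single OU, a login for a user kept in another OU will simply fail to bind, which is the limitation discussed later in the thread.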
In reply to this post by Wicus
Having only one DN to authenticate to is one of the limitations that was discussed in the Jira issue.

You could try creating an LDAP object in your directory (called OFBiz or something) and then grant network users read permission to the object. Then use that object in the ldap.dn.template property. In other words, authenticate to an object that network users are given permission to "see." I'm not sure it will work, I'm just tossing the idea out there.

As was mentioned in the Jira issue, it would be better to have each OFBiz user login associated to a DN, but that would require a lot more work.

-Adrian

wicus wrote:
> Thanks again Adrian
>
> Yet, we have
>
> 1.) child domains and
> 2.) users organized via departments (all ofbiz users are not organized within the same OUs)
>
> Will it be possible to authenticate child domain users and add additional OUs to the ldap.dn.template property?
>
> Wicus
>
> Quoted from:
> http://www.nabble.com/Active-Directory-tp17988490p17988865.html
In reply to this post by Wicus
Wicus,
Please reply to the mailing list so that others can benefit as well.

As I mentioned before, it is helpful to use a tool like JXplorer to try out different DNs. I had to keep playing with it until I found the magic formula. Use the "User + Password" option in the Security section of the Connection dialog.

-Adrian

[hidden email] wrote:
> Will definitely try it ...
>
> However, at present I can not get any authentication via Active Directory
>
> My framework/security/config/jndiLdap.properties reads as follows:
> [snip]
>
> No joy at present.
>
> Once again your aid will be greatly appreciated.
>
> Wicus
>
> (P.S. I think I will most certainly take this feature further the moment I'm more on top of things)
>
> Quoted from:
> http://www.nabble.com/Active-Directory-tp17988490p17989570.html