Hi.

I have configured my OFBiz instance to use CAS and LDAP during authentication and it works.
The problem is that every user who is present in LDAP is logged in with full admin privileges.
Why is it so?
How to force OFBiz to import some groups from LDAP and behave appropriately, namely:
- there are some groups in LDAP
- OFBiz treats different groups in different ways in terms of privileges

I looked into the code and it seems that LDAP module is not too complex, rather not finished. Am I wrong?
How to achieve this groups mapping?
|
I am not familiar with the CAS integration, but I can comment on the basic LDAP authentication implemented within the framework. That integration was intended to allow an OFBiz user to use the same credentials as their LDAP credentials - nothing more. There were some plans to expand the integration in the way you suggest, but that effort didn't get much support.

-Adrian

On 6/5/2012 12:05 PM, Trenton Perceval wrote:
> Hi.
>
> I have configured my OFBiz instance to use CAS and LDAP during
> authentication and it works.
> The problem is, that every user, which is present in LDAP, is logged in with
> full admin privileges.
> Why is it so?
> How to force OFBiz to import some groups from LDAP and behave appropriately,
> namely:
> - there are some groups in LDAP
> - OFBiz treats different groups in different ways in terms of privileges
>
> I looked into the code and it seems that LDAP module is not too complex,
> rather not finished. Am I wrong?
> How to achieve this groups mapping?
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
|
In reply to this post by Trenton Perceval
Hi Trenton,
It's a history problem. I contributed the LDAP module in 2008. Yes, you're right, it's not finished as the DNs were not parsed. You can add that part by:

1. add user's DNs to CAS attributes by person directory (change CAS server).
2. parse the DN attributes and get the right user name/groups (OFBiz).
3. login the user (OFBiz).

Good luck,

Shi Jinghai

On 2012-6-5, at 7:05 PM, Trenton Perceval wrote:
> Hi.
>
> I have configured my OFBiz instance to use CAS and LDAP during
> authentication and it works.
> The problem is, that every user, which is present in LDAP, is logged in with
> full admin privileges.
> Why is it so?
> How to force OFBiz to import some groups from LDAP and behave appropriately,
> namely:
> - there are some groups in LDAP
> - OFBiz treats different groups in different ways in terms of privileges
>
> I looked into the code and it seems that LDAP module is not too complex,
> rather not finished. Am I wrong?
> How to achieve this groups mapping?
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>
|
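The DN-parsing and group-mapping step in the reply above, as an added example that is not part of the thread and is not OFBiz's own code: it parses group DNs with the JDK's `LdapName` and grants only explicitly mapped security groups, so an LDAP user with no recognised group gets no privileges rather than admin. The class name, the base DN, the memberOf-style input and the group-to-security-group mapping are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapGroupMapper {
    // Constructed mapping: LDAP group CN -> OFBiz security group ID (assumption).
    static final Map<String, String> GROUP_MAP = Map.of(
            "erp-admins", "FULLADMIN",
            "erp-viewers", "VIEWADMIN");
    // Only group entries directly under this base are accepted (constructed value).
    static final String GROUP_BASE = "ou=groups,dc=example,dc=org";

    /** Maps memberOf-style DNs to security group IDs; anything unrecognised grants nothing. */
    static Set<String> mapGroups(List<String> groupDns) throws InvalidNameException {
        LdapName base = new LdapName(GROUP_BASE);
        Set<String> granted = new TreeSet<>();
        for (String dn : groupDns) {
            try {
                LdapName name = new LdapName(dn);
                // LdapName indexes RDNs from the right, so the base is a prefix.
                if (name.size() != base.size() + 1 || !name.startsWith(base)) continue;
                Rdn leaf = name.getRdn(name.size() - 1);
                if (!"cn".equalsIgnoreCase(leaf.getType())) continue;
                String cn = leaf.getValue().toString().toLowerCase(Locale.ROOT);
                String groupId = GROUP_MAP.get(cn);
                if (groupId != null) granted.add(groupId);
            } catch (InvalidNameException e) {
                // Malformed DN: skip it rather than guess at a group name.
            }
        }
        return granted;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample attribute values, as a CAS server might release them.
        List<String> dns = List.of(
                "CN=erp-viewers,OU=groups,DC=example,DC=org",
                "cn=erp-admins,ou=people,dc=example,dc=org",   // wrong subtree
                "cn=contractors,ou=groups,dc=example,dc=org",  // unmapped group
                "erp-admins");                                 // not a DN
        System.out.println(mapGroups(dns));
    }
}
```

An empty result should lead to a login with no security groups attached, or a refused login, never a fallback to an administrative group.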
In reply to this post by Trenton Perceval
Hi,

Could you please provide me a document or steps to integrate OFBiz with LDAP and CAS?
|
In reply to this post by Shi Jinghai-3
Hi Shi Jinghai,
I am trying to integrate OFBiz with an LDAP server (I did not use CAS), but I am in trouble: I am facing errors such as "User not found", cannot login to this application, etc. Please help me with a step-by-step procedure to login through LDAP in OFBiz.

Thank you so much...
|
In reply to this post by Adrian Crum-3
Hi Adrian ,
I am trying to integrate OFBiz with an LDAP server (I did not use CAS), but I am in trouble: I am facing errors such as "User not found", cannot login to this application, etc. Please help me with a step-by-step procedure to login through LDAP in OFBiz.

Thank you so much...
|
In reply to this post by Shi Jinghai-3
Hi,
I am done with the LDAP part in OFBiz, but I have a problem with CAS, which does not succeed. Could you please send me a step-by-step procedure to complete the CAS + OFBiz integration?

I have done the following:

1. security.login.http.header=REMOTE_USER
2. security.login.http.servlet.remoteuserlogin.allow=true
3.
   <CasLoginUri>/login</CasLoginUri>
   <CasLogoutUri>/logout</CasLogoutUri>
   <CasUrl>https://localhost:8443/cas</CasUrl>
   <CasValidateUri>/validate</CasValidateUri>
   <CasLdapHandler>org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>
   <CasTGTCookieName>CASTGC</CasTGTCookieName>
4. copied and pasted cas-web.war into <ofbiz-home>framework/webapp
5. copied and pasted cas-client.jar into each module's WEB-INF folder (accounting/webapp/WEB-INF)

Now tell me where I was wrong.

Thanks in advance
|
Hi
I found this documentation regarding LDAP and CAS in the existing Webhelp of the ofbizextra demo (login using admin/ofbiz):

https://demo.ofbizextra.org/ofbizhelp/webtools_fr/content/CASLDAP.html

Hope this helps.

Thanks
Sharan
|
Hi Sharan,

Thanks for your reply.

On Fri, Jul 10, 2015 at 12:50 PM, Sharan-F [via OFBiz] <[hidden email]> wrote:
Hi

--
Regards,
Sachin Manjule
Software Engineer
|
In reply to this post by Sharan-F
Hi Sharan,

Means where should I put the cas-server-webapp.war file? I have one doubt about the below line:

Deploy cas-server-webapp-[version].war to Tomcat

Please help me.

On Fri, Jul 10, 2015 at 2:36 PM, Sachin Manjule <[hidden email]> wrote:

--
Regards,
Sachin Manjule
Software Engineer
|
Hi
I'm sorry but I'm not a developer or technical so can't help you because I don't know. Hopefully someone else from the community will respond and be able to help you.

Thanks
Sharan
|
No problem. Anyway, thanks a lot for your help.

On Fri, Jul 10, 2015 at 2:48 PM, Sharan-F [via OFBiz] <[hidden email]> wrote:
Hi

--
Regards,
Sachin Manjule
Software Engineer
|
In reply to this post by Sharan-F
For that people should rather subscribe to this and other OFBiz MLs.

Using only the Nabble is not enough, because we don't receive their emails here, so many people miss them. This is explained in the "more options" links in the title of the OFBiz forums at Nabble, and an easy way is to go to http://ofbiz.apache.org/mailing-lists.html

We will soon add a small tagline in the title to clarify this.

Jacques

On 10/07/2015 11:18, Sharan-F wrote:
> Hi
>
> I'm sorry but I'm not a developer or technical so can't help you because I
> don't know. Hopefully someone else from the community will respond and be
> able to help you.
>
> Thanks
> Sharan
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/Logging-into-OFBiz-with-LDAP-tp4633243p4670888.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>
|