OFBiz › OFBiz - User

OFBiz privileges management with LDAP

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

7 messages Options

stewie

OFBiz privileges management with LDAP

Hi.

I am working on a project which is using OFBiz as a framework.
I have already found some information about integration OFBiz with CAS and
LDAP.
But the only information I found is about performing authentication.
Unfortunately, I need more advanced functionality. The concept is to keep
all privilege rules in central server working with LDAP, independently
from
OFBiz database. For example, when some user logs in, wants to show/modify
some his project tasks, he can only see the data that he is allowed to by
some rules stored on external server.
Are there any solutions to this problem already present or I have to
implement this all on my own?

Thank you for your time.

BJ Freeman

Re: OFBiz privileges management with LDAP

there has been a lot of discussion both on the Dev and User mailing list
over the years. Research of the archives or google ofbiz LDAP should get
you them.
You can review the code in specialpurpose/ldap
It is compiled but not loaded.

stewie sent the following on 9/13/2011 12:19 AM:

> Hi.
>
> I am working on a project which is using OFBiz as a framework.
> I have already found some information about integration OFBiz with CAS and
> LDAP.
> But the only information I found is about performing authentication.
> Unfortunately, I need more advanced functionality. The concept is to keep
> all privilege rules in central server working with LDAP, independently
> from
> OFBiz database. For example, when some user logs in, wants to show/modify
> some his project tasks, he can only see the data that he is allowed to by
> some rules stored on external server.
> Are there any solutions to this problem already present or I have to
> implement this all on my own?
>
> Thank you for your time.
>
>

Adrian Crum-3

Re: OFBiz privileges management with LDAP

In reply to this post by stewie

CAS/LDAP is only used for authentication, not for authorization.

-Adrian

On 9/13/2011 8:19 AM, stewie wrote:

Jacques Le Roux

Re: OFBiz privileges management with LDAP

Administrator

For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

Jacques

From: "Adrian Crum" <[hidden email]>

> CAS/LDAP is only used for authentication, not for authorization.
>
> -Adrian
>
> On 9/13/2011 8:19 AM, stewie wrote:
>> Hi.
>>
>> I am working on a project which is using OFBiz as a framework.
>> I have already found some information about integration OFBiz with CAS and
>> LDAP.
>> But the only information I found is about performing authentication.
>> Unfortunately, I need more advanced functionality. The concept is to keep
>> all privilege rules in central server working with LDAP, independently
>> from
>> OFBiz database. For example, when some user logs in, wants to show/modify
>> some his project tasks, he can only see the data that he is allowed to by
>> some rules stored on external server.
>> Are there any solutions to this problem already present or I have to
>> implement this all on my own?
>>
>> Thank you for your time.
>>

stewie

Re: OFBiz privileges management with LDAP

In reply to this post by Adrian Crum-3

Dnia 13 września 2011 10:59 Adrian Crum <[hidden email]> napisał(a):

> CAS/LDAP is only used for authentication, not for authorization.

I was afraid that answer would be such.
I have already noticed that OFBiz has a pretty complex privileges management on his own, storing rules on its database.
I am wondering now if it would be hard to rewrite this part of OFBiz and force it to use LDAP or better idea is to start from scratch and build own module.

stewie

Re: OFBiz privileges management with LDAP

In reply to this post by Jacques Le Roux

Dnia 13 września 2011 11:11 "Jacques Le Roux" <[hidden email]> napisał(a):

> For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

I know that and I find it pretty useful, but unfortunately my client requirement is to use external LDAP server to privileges management, so I have to find solution to reconstruct this part of OFBiz. For now I don't have clear vision.
Anyway, thanks for the link.

Adrian Crum-3

Re: OFBiz privileges management with LDAP

In reply to this post by stewie

A rewrite has been proposed:

https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+Security+Redesign

and a repository branch was created to implement and demonstrate it:

https://svn.apache.org/repos/asf/ofbiz/branches/executioncontext20091231

-Adrian

On 9/13/2011 10:15 AM, andromeda wrote:
> Dnia 13 września 2011 10:59 Adrian Crum<[hidden email]> napisał(a):
>
>> CAS/LDAP is only used for authentication, not for authorization.
> I was afraid that answer would be such.
> I have already noticed that OFBiz has a pretty complex privileges management on his own, storing rules on its database.
> I am wondering now if it would be hard to rewrite this part of OFBiz and force it to use LDAP or better idea is to start from scratch and build own module.