Hi.
I am working on a project which is using OFBiz as a framework. I have already found some information about integration OFBiz with CAS and LDAP. But the only information I found is about performing authentication. Unfortunately, I need more advanced functionality. The concept is to keep all privilege rules in central server working with LDAP, independently from OFBiz database. For example, when some user logs in, wants to show/modify some his project tasks, he can only see the data that he is allowed to by some rules stored on external server. Are there any solutions to this problem already present or I have to implement this all on my own? Thank you for your time. |
there has been a lot of discussion both on the Dev and User mailing list
over the years. Research of the archives or google ofbiz LDAP should get you them. You can review the code in specialpurpose/ldap It is compiled but not loaded. stewie sent the following on 9/13/2011 12:19 AM: > Hi. > > I am working on a project which is using OFBiz as a framework. > I have already found some information about integration OFBiz with CAS and > LDAP. > But the only information I found is about performing authentication. > Unfortunately, I need more advanced functionality. The concept is to keep > all privilege rules in central server working with LDAP, independently > from > OFBiz database. For example, when some user logs in, wants to show/modify > some his project tasks, he can only see the data that he is allowed to by > some rules stored on external server. > Are there any solutions to this problem already present or I have to > implement this all on my own? > > Thank you for your time. > > |
In reply to this post by stewie
CAS/LDAP is only used for authentication, not for authorization.
-Adrian On 9/13/2011 8:19 AM, stewie wrote: > Hi. > > I am working on a project which is using OFBiz as a framework. > I have already found some information about integration OFBiz with CAS and > LDAP. > But the only information I found is about performing authentication. > Unfortunately, I need more advanced functionality. The concept is to keep > all privilege rules in central server working with LDAP, independently > from > OFBiz database. For example, when some user logs in, wants to show/modify > some his project tasks, he can only see the data that he is allowed to by > some rules stored on external server. > Are there any solutions to this problem already present or I have to > implement this all on my own? > > Thank you for your time. > |
Administrator
|
For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security
Jacques From: "Adrian Crum" <[hidden email]> > CAS/LDAP is only used for authentication, not for authorization. > > -Adrian > > On 9/13/2011 8:19 AM, stewie wrote: >> Hi. >> >> I am working on a project which is using OFBiz as a framework. >> I have already found some information about integration OFBiz with CAS and >> LDAP. >> But the only information I found is about performing authentication. >> Unfortunately, I need more advanced functionality. The concept is to keep >> all privilege rules in central server working with LDAP, independently >> from >> OFBiz database. For example, when some user logs in, wants to show/modify >> some his project tasks, he can only see the data that he is allowed to by >> some rules stored on external server. >> Are there any solutions to this problem already present or I have to >> implement this all on my own? >> >> Thank you for your time. >> |
In reply to this post by Adrian Crum-3
Dnia 13 września 2011 10:59 Adrian Crum <[hidden email]> napisał(a):
> CAS/LDAP is only used for authentication, not for authorization. I was afraid that answer would be such. I have already noticed that OFBiz has a pretty complex privileges management on his own, storing rules on its database. I am wondering now if it would be hard to rewrite this part of OFBiz and force it to use LDAP or better idea is to start from scratch and build own module. |
In reply to this post by Jacques Le Roux
Dnia 13 września 2011 11:11 "Jacques Le Roux" <[hidden email]> napisał(a):
> For authorization you need to use OFBiz permissions: https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security I know that and I find it pretty useful, but unfortunately my client requirement is to use external LDAP server to privileges management, so I have to find solution to reconstruct this part of OFBiz. For now I don't have clear vision. Anyway, thanks for the link. |
In reply to this post by stewie
A rewrite has been proposed:
https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+Security+Redesign and a repository branch was created to implement and demonstrate it: https://svn.apache.org/repos/asf/ofbiz/branches/executioncontext20091231 -Adrian On 9/13/2011 10:15 AM, andromeda wrote: > Dnia 13 września 2011 10:59 Adrian Crum<[hidden email]> napisał(a): > >> CAS/LDAP is only used for authentication, not for authorization. > I was afraid that answer would be such. > I have already noticed that OFBiz has a pretty complex privileges management on his own, storing rules on its database. > I am wondering now if it would be hard to rewrite this part of OFBiz and force it to use LDAP or better idea is to start from scratch and build own module. |
Free forum by Nabble | Edit this page |