[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12513299 ]

Si Chen commented on OFBIZ-811:
-------------------------------

I don't think it should be all-or-none like this. If a user doesn't have an LDAP entry we should still look him up against the ofbiz user logins.

Also, if a user is defined only in ldap but not in ofbiz, how do we define what ofbiz application permissions he has?

> Authentication using LDAP
> -------------------------
>
> Key: OFBIZ-811
> URL: https://issues.apache.org/jira/browse/OFBIZ-811
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Environment: all
> Reporter: Mohamed Amine AZZI
> Assignee: Si Chen
> Priority: Trivial
> Attachments: ldap_authentication.patch, ldap_properties.patch, LoginServices.java, LoginServices.java.diff, security.properties.diff
>
>
> This feature would enable Ofbiz users to authenticate their users using an LDAP. I developed that change in response to a customer request who wanted his employees to use the same passwords they use when opening a windows session.
> The solution was to recreate the same usernames in the Party manager with an unused password, and redirect the authentication to the LDAP when needed. The choice is made in the security.properties file. All parameters needed to connect to the LDAP are there also.
> After authentication all authorizations are taken out from the Party manager. This would give the same feature used by SharePoint, which is called cross privileges.
> The change is minor as you would see, but very helpful for people needing the same feature.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12513304 ]

Adrian Crum commented on OFBIZ-811:
-----------------------------------

Si,

Feel free to download and improve the patch. I agree with you - it needs more work. Yet, it is a good thing that some progress is being made.

On your second point, the OFBiz application permissions would still be used as usual. So, LDAP (at this stage) is just used to check login credentials, nothing else. I would like to see this expanded further to allow applications permissions checking via LDAP - but that will be another issue.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12599400#action_12599400 ]

Paul Anderson commented on OFBIZ-811:
-------------------------------------

Mohamed, Adrian, Si,

Has any further progress been made on this issue? I am working on a project which is going to need authentication via LDAP and I am desperately trying to sort out a working solution, even if it's cobbled together in the short term.

I can connect and authenticate using the files and code put forward in this topic, but the next step is to be able to get a list of all the groups that a member belongs to from AD so that OFBiz can decide if the user has permissions for the requested resource.

It is getting the list of all groups for a member from AD that I am really struggling with.... any help would be much appreciated.

Kind Regards,
Paul
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Si Chen reassigned OFBIZ-811:
-----------------------------

    Assignee: (was: Si Chen)
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604793#action_12604793 ]

Wicus commented on OFBIZ-811:
-----------------------------

Hi Paul,

Have you sorted out your Groups issue?
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604933#action_12604933 ]

Adrian Crum commented on OFBIZ-811:
-----------------------------------

There has been considerable discussion on the mailing list about LDAP integration. In addition, David Jones did a study and proposal on using LDAP for the entity engine - which can be found on the OFBiz Wiki.

The ideal solution would be to have the option for the OFBiz entity engine to use LDAP instead of SQL - but that will require a great deal of effort. So far, no one has stepped forward with funds or manpower to implement it.

A second (less than ideal) solution is to just have an OFBiz user authenticate to LDAP, and use the standard SQL entity engine for data storage. That is the solution this Jira issue addresses. Even this "scaled down" solution will take a lot of work. Again, no one has stepped forward with funds or manpower to implement it.

I would like to see this effort result in OFBiz's permissions being integrated into the directory's schema, so that directory tools can be used to control OFBiz user permissions.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605533#action_12605533 ]

wicus edited comment on OFBIZ-811 at 6/17/08 2:59 AM:
------------------------------------------------------

I feel, to say the least, like an ID10T in how to implement this solution...

Do I simply amend each file to fit my LDAP specs and then drop all the files in the directories mentioned in each file's header and recompile? If so, where does one place the "LoginServices.java" file?

Apologies for this totally weak comment.

was (Author: wicus):

I feel, to say the least, like an ID10T in how to implement this solution...

Do I simply amend each file to fit my LDAP particulars and then drop all the files in the directories mentioned in each file's header and recompile? If so, where does one place the "LoginServices.java" file?

Apologies for this totally weak comment.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605533#action_12605533 ]

Wicus commented on OFBIZ-811:
-----------------------------

I feel, to say the least, like an ID10T in how to implement this solution...

Do I simply amend each file to fit my LDAP particulars and then drop all the files in the directories mentioned in each file's header and recompile? If so, where does one place the "LoginServices.java" file?

Apologies for this totally weak comment.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum updated OFBIZ-811:
------------------------------

    Attachment: ldap_authentication.patch

I updated ldap_authentication.patch to the latest svn rev. Keep in mind that this is untested "proof of concept" code.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum updated OFBIZ-811:
------------------------------

    Attachment: (was: ldap_authentication.patch)
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum updated OFBIZ-811:
------------------------------

    Attachment: (was: ldap_properties.patch)
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum updated OFBIZ-811:
------------------------------

    Attachment: (was: ldap_authentication.patch)
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum updated OFBIZ-811:
------------------------------

    Attachment: ldap_authentication.patch

ldap_authentication.patch has been tested and it works. I set it up to synchronize the user's OFBiz password with the user's LDAP password.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wicus updated OFBIZ-811:
------------------------

    Comment: was deleted
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wicus updated OFBIZ-811:
------------------------

    Comment: was deleted
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605986#action_12605986 ]

Adrian Crum commented on OFBIZ-811:
-----------------------------------

A note to anyone new to this issue - just apply the most recent patch to your local copy. Ignore the other files - they are there for historical and reference purposes only.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum updated OFBIZ-811:
------------------------------

    Attachment: ldap_authentication.patch

Updated ldap_authentication.patch file. I built it out some more to address the comments made in this issue.

1. The ldap.synchronize.passwords property in framework/security/config/jndiLdap.properties controls if the user's OFBiz password is synchronized with the user's LDAP password. If your objective is to keep user logins and passwords the same, then this should be set to true.

2. The security.ldap.fail.login property in framework/security/config/jndiLdap.properties controls if the login process fails if LDAP authentication fails. The process is no longer "all or nothing" - a user can still log into OFBiz if LDAP authentication fails.

3. Each user login name can have their own Distinguished Name. I added an entity called UserLdapDn that can be used to give each user their own DN. There is no UI for it, so for now you'll have to manually enter values through the webtools component - https://localhost:8443/webtools/control/FindGeneric?entityName=UserLdapDn&find=true. If the UserLdapDn entity is used, you can still set up the ldap.dn.template property in the framework/security/config/jndiLdap.properties file as a default. This would be useful in cases where most users share a common DN, but some users are exceptions.

By the way, I created the entity instead of just adding a field to the existing UserLogin entity because I don't know if we'll need to store additional information for each user. If not, then I'll probably just add the field to the UserLogin entity when I commit it.

I'm satisfied with this implementation. If all goes well with testing, I'd like to get it committed to the project. Comments are welcome.
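The login decision described in points 1 to 3 of the comment above, modelled as an added Java example (not code from the patch or from OFBiz); it also shows that with synchronization on and security.ldap.fail.login off, a password the directory no longer accepts is still accepted from the local copy. The three property names come from the comment; the `%u` placeholder, the in-memory maps standing in for UserLdapDn and UserLogin, the `LdapBinder` stub, the requirement that a local login exists, and all DNs and passwords are assumptions constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.naming.ldap.Rdn;

public class LdapLoginFlowExample {

    /** Hypothetical stand-in for a JNDI simple bind against the directory. */
    interface LdapBinder { boolean bind(String dn, String password); }

    enum Result { LDAP_OK, LOCAL_OK, DENIED }

    private final Properties props;                    // models jndiLdap.properties
    private final Map<String, String> userLdapDn;      // models the UserLdapDn entity
    private final Map<String, String> localPasswords;  // models UserLogin; plaintext only in this model
    private final LdapBinder binder;

    LdapLoginFlowExample(Properties props, Map<String, String> userLdapDn,
                         Map<String, String> localPasswords, LdapBinder binder) {
        this.props = props;
        this.userLdapDn = userLdapDn;
        this.localPasswords = localPasswords;
        this.binder = binder;
    }

    private boolean flag(String name) {
        return Boolean.parseBoolean(props.getProperty(name, "false"));
    }

    /** Per-user DN first (point 3), then the ldap.dn.template default. */
    String resolveDn(String userLoginId) {
        String dn = userLdapDn.get(userLoginId);
        if (dn != null) {
            return dn;
        }
        // Escape the login name so ',', '+' or '=' in it cannot change the DN structure.
        String template = props.getProperty("ldap.dn.template");
        return template.replace("%u", Rdn.escapeValue(userLoginId)); // "%u" is an assumed placeholder
    }

    Result authenticate(String userLoginId, String password) {
        // Permissions stay in OFBiz, so a login with no local record has nothing to authorize.
        if (!localPasswords.containsKey(userLoginId)) {
            return Result.DENIED;
        }
        // An empty password makes an LDAP simple bind "unauthenticated", which many servers accept.
        if (password == null || password.isEmpty()) {
            return Result.DENIED;
        }
        if (binder.bind(resolveDn(userLoginId), password)) {
            if (flag("ldap.synchronize.passwords")) {   // point 1
                localPasswords.put(userLoginId, password);
            }
            return Result.LDAP_OK;
        }
        if (flag("security.ldap.fail.login")) {         // point 2: LDAP failure is final
            return Result.DENIED;
        }
        // Fallback to the local password, compared in constant time.
        byte[] given = password.getBytes(StandardCharsets.UTF_8);
        byte[] stored = localPasswords.get(userLoginId).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(given, stored) ? Result.LOCAL_OK : Result.DENIED;
    }

    public static void main(String[] args) {
        Properties p = new Properties();
        p.setProperty("ldap.dn.template", "uid=%u,ou=people,dc=example,dc=org");
        p.setProperty("ldap.synchronize.passwords", "true");
        p.setProperty("security.ldap.fail.login", "false");

        // Constructed directory contents: DN -> password.
        Map<String, String> directory = new HashMap<>();
        directory.put("uid=alice,ou=people,dc=example,dc=org", "Winter-2008");
        directory.put("cn=Bob B,ou=contractors,dc=example,dc=org", "bob-secret");
        LdapBinder binder = (dn, pw) -> pw.equals(directory.get(dn));

        Map<String, String> overrides = new HashMap<>();
        overrides.put("bob", "cn=Bob B,ou=contractors,dc=example,dc=org");

        Map<String, String> local = new HashMap<>();
        local.put("alice", "unused-local-password");
        local.put("bob", "unused-local-password");
        local.put("admin", "ofbiz-only");

        LdapLoginFlowExample flow = new LdapLoginFlowExample(p, overrides, local, binder);
        System.out.println("alice via template DN:     " + flow.authenticate("alice", "Winter-2008"));
        System.out.println("bob via UserLdapDn entry:  " + flow.authenticate("bob", "bob-secret"));
        System.out.println("admin, no LDAP entry:      " + flow.authenticate("admin", "ofbiz-only"));
        System.out.println("alice, empty password:     " + flow.authenticate("alice", ""));
        System.out.println("mallory, no OFBiz login:   " + flow.authenticate("mallory", "x"));

        // The directory entry is removed, but the synchronized local copy remains.
        directory.remove("uid=alice,ou=people,dc=example,dc=org");
        System.out.println("alice after LDAP removal:  " + flow.authenticate("alice", "Winter-2008"));

        p.setProperty("security.ldap.fail.login", "true");
        System.out.println("same, fail.login=true:     " + flow.authenticate("alice", "Winter-2008"));
    }
}
```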
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum reassigned OFBIZ-811:
---------------------------------

    Assignee: Adrian Crum
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adrian Crum closed OFBIZ-811.
-----------------------------

    Resolution: Fixed

Fixed, rev 669994. Many thanks to those who contributed to this issue and those who commented.
[ https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12606838#action_12606838 ]

Si Chen commented on OFBIZ-811:
-------------------------------

Is there any documentation for this?