Hi Deep,

1) Can't we configure the OU not to be WSO2, but to be something else? Actually, forcing it to look at the WSO2 OU does not make sense at all.
2) Can't we have the tenant domain instead of wso2.org, rather than encoding it in the user name?

--Srinath

On Mon, Aug 5, 2013 at 9:30 AM, Deependra Ariyadewa <[email protected]> wrote:
> Hi All,
>
> Current Carbon user implementation cannot issue a Kerberos ticket to
> a tenant user. Carbon Kerberos component only searches user principals
> in ou=Users,dc=wso2,dc=org. This limitation can be overcome by allowing
> Kerberos component to search the entire LDAP tree for users.
>
> Also we need some modification in the Carbon user add operation. The existing
> user add operation adds the super tenant Kerberos ticket to LDAP, e.g.:
> [email protected]. We need to embed the tenant information in the
> Kerberos user principal to use it in other spaces, e.g.
> username/tenantDomain/WSO2.ORG, [email protected].
>
> If we want to map a tenant Kerberos principal to a system that follows a flat
> structure like a file system, we have to use a Kerberos principal in
> the format of [email protected] or
> [email protected].
>
> I would like to have this modification in the upcoming Carbon 4.2.0. I would
> really appreciate your comments and feedback on my suggestion.
>
> Thanks,
>
> Deependra.
>
> --
> Deependra Ariyadewa
> WSO2, Inc. http://wso2.com/ http://wso2.org
>
> email [email protected]; cell +94 71 403 5996 ;
> Blog http://risenfall.wordpress.com/
> PGP info: KeyID: 'DC627E6F'
>
> WSO2 - Lean . Enterprise . Middleware
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
============================
Srinath Perera, Ph.D.
http://people.apache.org/~hemapani/
http://srinathsview.blogspot.com/
