Hi,
This is implemented in user core now and I would like to mention some of the
implementation level decisions made while doing the $subject, which are
different from JDBCUserStoreManager.
If you see any flaws or better alternatives, please let me know.
1. 'Everyone role' and 'registry anonymous role' are Carbon server specific.
Hence they are not written to the LDAP user store.
They are handled by hybrid role manager as it has been done with read only
LDAP user store.
2. In LDAP groups, there's a requirement that at least one user should be a
member.
Therefore:
When creating a role, we need to include at least one user in that
role. Otherwise an error is set to be shown through the management console.
Also, when deleting a user, if that user has been the only member of
any of the existing roles, the user is not allowed to be removed. (As an
alternative, maybe we can remove the role also when its last user entry is
removed.)
I am wondering whether the above would be confusing to users since it is
different from the previous behavior.
Then I would like to clarify the following things too regarding this:
i. There are some user-level functionalities which include several LDAP
operations. And currently these are not atomic. Do we need to make them
atomic?
(LDAP itself does not support the transaction concept. But I read about a
Spring API which allows making LDAP operations atomic [1].)
Currently "WriteLDAPGroups" property is set to false by default in
user-mgt.xml.
Before configuring it to true by default, I would really appreciate any
comments and feedback on the above.
[1] http://static.springsource.org/spring-ldap/docs/1.3.x/reference/html/transactions.html
Thanks,
Hasini.
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
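The two rules from point 2 of the mail (a role must be created with at least one member, and a user who is the only member of any role cannot be deleted), written as a small JNDI helper. This is an added example, not WSO2 user core code: the class name, the server URL, the bind DN, the `ou=Groups` / `ou=Users` base DNs and the use of the `groupOfNames` object class are all assumptions.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * Hypothetical helper (not WSO2 user core code). Groups are assumed to be
 * groupOfNames entries, whose schema requires at least one 'member' value.
 */
public class LdapGroupGuard {

    private final DirContext ctx;
    private final String groupSearchBase; // assumed, e.g. "ou=Groups,dc=example,dc=com"

    public LdapGroupGuard(DirContext ctx, String groupSearchBase) {
        this.ctx = ctx;
        this.groupSearchBase = groupSearchBase;
    }

    /** Rule 1: the first user is written together with the group, so the entry is never empty. */
    public void createRole(String groupDn, String cn, String firstMemberDn) throws NamingException {
        Attributes attrs = new BasicAttributes(true); // true = attribute names are case-insensitive
        Attribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("groupOfNames");
        attrs.put(objectClass);
        attrs.put("cn", cn);
        attrs.put("member", firstMemberDn);
        ctx.createSubcontext(groupDn, attrs);
    }

    /** Finds every group containing userDn and splits them by whether the user is the sole member. */
    public Membership findMemberships(String userDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"member"});
        // {0} is substituted by JNDI with the DN escaped for the filter syntax,
        // so a DN containing '*', '(' or ')' cannot change the filter's meaning.
        String filter = "(&(objectClass=groupOfNames)(member={0}))";
        NamingEnumeration<SearchResult> results =
                ctx.search(groupSearchBase, filter, new Object[] {userDn}, sc);
        Membership m = new Membership();
        while (results.hasMore()) {
            SearchResult r = results.next();
            Attribute member = r.getAttributes().get("member");
            if (member != null && member.size() == 1) {
                m.soleMemberOf.add(r.getNameInNamespace());
            } else {
                m.sharedMemberOf.add(r.getNameInNamespace());
            }
        }
        results.close();
        return m;
    }

    /** Rule 2: refuse a delete that would leave an empty group; otherwise drop memberships, then the entry. */
    public void deleteUser(String userDn) throws NamingException {
        Membership m = findMemberships(userDn);
        if (!m.soleMemberOf.isEmpty()) {
            throw new IllegalStateException("User " + userDn + " is the only member of " + m.soleMemberOf);
        }
        for (String groupDn : m.sharedMemberOf) {
            // LDAP servers do not maintain referential integrity by default, so the
            // dangling member value must be removed explicitly before the entry goes.
            Attributes remove = new BasicAttributes("member", userDn, true);
            ctx.modifyAttributes(groupDn, DirContext.REMOVE_ATTRIBUTE, remove);
        }
        ctx.destroySubcontext(userDn);
    }

    public static final class Membership {
        public final List<String> soleMemberOf = new ArrayList<>();
        public final List<String> sharedMemberOf = new ArrayList<>();
    }

    /** Example wiring; every connection parameter below is a placeholder. */
    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null) {
            throw new IllegalStateException("set LDAP_BIND_PASSWORD");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636");     // placeholder
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com"); // placeholder
        env.put(Context.SECURITY_CREDENTIALS, password);
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            LdapGroupGuard guard = new LdapGroupGuard(ctx, "ou=Groups,dc=example,dc=com");
            guard.createRole("cn=developers,ou=Groups,dc=example,dc=com", "developers",
                    "uid=alice,ou=Users,dc=example,dc=com");
            guard.deleteUser("uid=alice,ou=Users,dc=example,dc=com"); // throws: alice is the sole member
        } finally {
            ctx.close();
        }
    }
}
```

Note that `deleteUser` is a check-then-act sequence over several LDAP operations, which is exactly the non-atomicity raised in point i of the mail: if another client adds a second member to a group between `findMemberships` and `destroySubcontext`, or removes one, the check can be stale. Without server-side transactions the usual mitigations are serialising these operations in the application (for example a per-user or per-group lock in the user store manager) and re-reading the group before relying on its member count.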