Hi, On Wed, Mar 9, 2011 at 4:10 PM, Hasini Gunasinghe <[email protected]> wrote:
> Hi, > > This is implemented in user core now and I would like to mention some of > the implementation level decisions made while doing the $subject, which are > different from JDBCUserStoreManager. > If you see any flaws or better alternatives, please let me know. > > 1. 'Everyone role' and 'registry anonymous role' are carbon server > specific. Hence they are not written to LDAP user store. > They are handled by hybrid role manager as it has been done with read only > LDAP user store. > > +1 > 2. In LDAP groups, there's a requirement that at least one user should be a > member. > Therefore; > When creating a role, we need to include at least one user to that > role. Otherwise an error is set to be shown through management console. > Also, when deleting a user, if that user has been the only member > of any of the existing role, user is not allowed to be removed. (As an > alternative, may be we can remove the role also when its last user entry is > removed). > > I am wondering whether above would be confusing to user since it is > different from previous behavior. > I think if we give a proper error message to minimize confusion. > > Then I would like to clarify following things too regarding this: > > i. There are some user-level functionalites which include several LDAP > operations. And currently these are not atomic. Do we need to make them > atomic? > Shall we list these specific functions? Then we can discuss and see whether atomicity is a must. Thanks, Dimuthu > (LDAP itself does not support transaction concept. But I read about a > spring API which allows to make LDAP operations atomic[1].) > > Currently "WriteLDAPGroups" property is set to false by default in > user-mgt.xml. > Before configuring it to true by default, I would really appreciate any > comments, feedback on the above > > [1] > http://static.springsource.org/spring-ldap/docs/1.3.x/reference/html/transactions.<http://static.springsource.org/spring-ldap/docs/1.3.x/reference/html/transactions.html> > > Thanks, > Hasini. >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
