[ 
https://issues.apache.org/jira/browse/OFBIZ-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604933#action_12604933
 ] 

Adrian Crum commented on OFBIZ-811:
-----------------------------------

There has been considerable discussion on the mailing list about LDAP 
integration. In addition, David Jones did a study and proposal on using LDAP 
for the entity engine - which can be found on the OFBiz Wiki.

The ideal solution would be to have the option for the OFBiz entity engine to 
use LDAP instead of SQL - but that will require a great deal of effort. So far, 
no one has stepped forward with funds or manpower to implement it.

A second (less than ideal) solution is to just have an OFBiz user authenticate 
to LDAP, and use the standard SQL entity engine for data storage. That is the 
solution this Jira issue addresses. Even this "scaled down" solution will take 
a lot of work. Again, no one has stepped forward with funds or manpower to 
implement it.

I would like to see this effort result in OFBiz's permissions being integrated 
into the directory's schema, so that directory tools can be used to control 
OFBiz user permissions.


> Authentication using LDAP
> -------------------------
>
>                 Key: OFBIZ-811
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-811
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>         Environment: all
>            Reporter: Mohamed Amine AZZI
>            Priority: Trivial
>         Attachments: ldap_authentication.patch, ldap_properties.patch, 
> LoginServices.java, LoginServices.java.diff, security.properties.diff
>
>
> This feature would enable OFBiz users to authenticate their users using an 
> LDAP. I developed that change in response to a customer request who wanted 
> his employees to use the same passwords they use when opening a Windows 
> session.
> The solution was to recreate the same usernames in the Party manager with an 
> unused password, and redirect the authentication to the LDAP when needed. The 
> choice is made in the security.properties file. All parameters needed to 
> connect to the LDAP are there also.
> After authentication all authorizations are taken out from the Party manager. 
> This would give the same feature used by SharePoint, which is called cross 
> privileges.
> The change is minor as you would see, but very helpful for people needing 
> the same feature.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
