On Tue, Sep 25, 2012 at 1:33 PM, Amila Jayasekara <[email protected]> wrote:

> Hi Brian,
>
> I was also looking for User Management through Shiro some time back.
> But ended up writing my own code to write to LDAP. Even though there
> are a number of permutations to store user information, I believe it's
> beneficial to have a generic model to write to LDAP.
> Even during authentication Shiro uses a DN template. To my
> understanding if users are stored in multiple OU's Shiro will not be
> able to do authentication. Cos we can give only a single DN pattern.
> (Please correct me if I am wrong)
>

You could extend the realm to do more complicated things. Many companies have complicated LDAP setups due to mergers, business units, etc. Some want to control roles via LDAP, some cannot.

> In most of the cases, users are stored in a single OU and roles are
> stored in another OU. Assuming this structure we can build an API
> which does user and role management.
>

I originally put out LDAP as an example because that is where I personally have seen a bunch of different configurations. The larger topic is more framework based, LDAP user management is just a detail.

Also, I've gone down this path before for Nexus's security <https://github.com/sonatype/security/tree/master/security-system/src/main/java/org/sonatype/security/usermanagement>, it has pluggable user management per realm, which works well for basic user management, but it is not a one size fits all solution.

This could be done in a nice generic way, but I think it is outside the scope of this project (but that is my take on it).

> Thank you
> Regards,
> Amila
>
> On Tue, Sep 25, 2012 at 9:10 AM, Brian Demers <[email protected]> wrote:
> > I think it is outside the scope. User management done right is a whole
> > library all by itself.
> >
> > Take LDAP for example, everyone uses LDAP differently. There are a lot of
> > different permutations when it comes to reading users, let alone writing
> > users. Then you could think about the JDBC realm, which again is going to
> > have a similar problem. Then you could get into the complexity of name
> > structure (first + last vs multiple names
> > <http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/>)
> >
> > That said, I know (having been there before) there is a need for a simple
> > version of this logic which includes things like: new user registration,
> > easy way to get the user's name, change password, reset password, etc.
> >
> > Where something like this fits, I am not sure, but I have a feeling there
> > are other opinions on this list.
> >
> > On Mon, Sep 24, 2012 at 7:46 PM, chirnag <[email protected]> wrote:
> >
> >> I want to check if 'user registration' is possible through Shiro api.
> >>
> >> I understand Shiro is not meant for user management but for authentication.
> >> As Realm has all the information related to datasource, are there any plans
> >> to add encryption and insert/update of user records with new/updated
> >> password etc?
> >>
> >> This helps us leave entire process of 'user login' to Shiro.
> >>
> >> Thanks,
> >> Nag
> >>
> >> --
> >> View this message in context:
> >> http://shiro-developer.582600.n2.nabble.com/New-user-registration-through-Shiro-tp7577686.html
> >> Sent from the Shiro Developer mailing list archive at Nabble.com.
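
Added example, not part of the thread and not Shiro's own code: one way to "extend the realm" when users live in several OUs, by subclassing `JndiLdapRealm` and attempting a bind against each DN template in turn. The class name `MultiOuLdapRealm`, the `setUserDnTemplates` setter and the sample DN layout are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
/** Hypothetical realm (not part of Shiro): one bind attempt per OU template. */
public class MultiOuLdapRealm extends JndiLdapRealm {
    // Assumed layout, e.g. "uid={0},ou=staff,dc=example,dc=com"
    private List<String> userDnTemplates = new ArrayList<>();

    public void setUserDnTemplates(List<String> templates) {
        for (String t : templates) {
            if (!t.contains("{0}")) throw new IllegalArgumentException("missing {0}: " + t);
        }
        this.userDnTemplates = new ArrayList<>(templates);
    }

    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(
            AuthenticationToken token, LdapContextFactory factory) throws NamingException {
        String username = String.valueOf(token.getPrincipal());
        Object credentials = token.getCredentials();
        // An empty password can become an unauthenticated bind the server accepts; refuse it.
        if (credentials == null || (credentials instanceof char[] && ((char[]) credentials).length == 0)) {
            throw new AuthenticationException("empty credentials");
        }
        // Escape DN metacharacters so the username cannot rewrite the DN.
        String rdnValue = Rdn.escapeValue(username);
        AuthenticationException last = new AuthenticationException("no DN template configured");
        for (String template : userDnTemplates) {
            LdapContext ctx = null;
            try {
                ctx = factory.getLdapContext(template.replace("{0}", rdnValue), credentials);
                return new SimpleAuthenticationInfo(username, credentials, getName());
            } catch (AuthenticationException e) {
                last = e; // assumes the server rejects the bind for an unknown DN; try next OU
            } finally {
                LdapUtils.closeContext(ctx);
            }
        }
        throw last;
    }
}
```

Each failed login costs one bind per template, so keep the template list short and order it by where most users live.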
