On 2/1/07, Allen Gilliland <[EMAIL PROTECTED]> wrote:
Comments inline
This part sounds wacky to me.  The idea that you are already logged in
but you have to register just seems wrong to me.  I think that most of
the time when you have many systems sharing a common authentication/sso
service but want local copies of profile data then that should be done
behind the scenes.  I think that in Roller's case the sso account data
can automatically be used to create/update a Roller account.

If you look at the data we keep for user profiles then I think it makes
sense that all the data can be automatically synced from the sso session
data ... username, password, fullname, email, locale, timezone.

In this case there is no SSO session, I'm talking only of LDAP
authentication -- not SSO. That's why we have to ask them to login
up-front -- they are not already logged in anywhere.


> To solve those problems above, I'd like to change security.xml to
> include a comments explaining what needs to be done. I'd like to make
> that code change in #7 and I'd like to write up a nice friendly wiki
> page explaining how to configure Roller and LDAP.

I definitely agree with adding comments in the security.xml on what
needs to be done, and I agree that we should have a wiki page describing
the process.  I'm not really onboard with #3 and #7 though.

I'm not saying that we can't come up with something better, but if you
want the current LDAP setup to work, then you have to be on board with
#3 and #7.

The absence of #7 is a bug that prevents our current LDAP
integration from working properly. And adding that invalidate call is
completely harmless. We expect users to be in a logged out state after
registration anyway.

- Dave
