I had suggested an approach that was a little less drastic, but would
still require a lot of work: instead of switching the entire OFBiz
database to LDAP, just switch all of the OFBiz security, permissions
checking, etc. over to Apache Directory (an open source LDAP library).
The rest of the OFBiz entities would remain unchanged. There would have
to be considerable interest in making that change before anything would
happen though.
-Adrian
BJ Freeman wrote:
It is more that people don't understand that ofbiz is not a db driven
application. This had me going when I first got started.
Ofbiz generates the DB from the entityengine. So if you could have an
LDAP db source it would be populated by Ofbiz.
http://ofbiz.apache.org/docs/entity.html
Therefore the DB would have the ofbiz type of security.
Without User Login and Security defined by Ofbiz, the DB should not be
accessible.
Having access to the LDAP db through any other channel would break the
ofbiz security.
To my knowledge, LDAP has not advanced that far in ofbiz yet.
Shi Jinghai sent the following on 7/21/2008 9:52 PM:
So the current design is ambiguous.
If you want LDAP to be the source db of user management, then the user
info should be synchronized from LDAP to OFBiz when he/she wants to
log in to OFBiz.
Shi Jinghai/Beijing Langhua Ltd.
On Mon, 2008-07-21 at 10:50 -0700, Wicus wrote:
Hi Adrian,
Errrr; no users have been created within OFBIZ. (except for Admin etc. at
present)
I was under the impression that users would be created automagically within
OFBIZ (the Postgres SQL database) once they are authenticated via the LDAP
server (or Active Directory in this case)
Soooo, all OFBIZ users need to be created manually within OFBIZ, before
LDAP authentication can take place...?