I was thinking more along the lines of having a conversion or interpretation layer that displays ofbiz in LDAP format.
http://www.faqs.org/rfcs/rfc2849.html
This way it is a layer upon ofbiz but does not affect ofbiz internals.
The problem is that LDAP does not support the way ofbiz works, so there would be a lot of operations not available. The CRUD operations would have to be mapped to the services.
Before I get too deep in this have to study it more :)

Adrian Crum sent the following on 7/22/2008 7:41 AM:
> I had suggested an approach that was a little less drastic, but would
> still require a lot of work: instead of switching the entire OFBiz
> database to LDAP, just switch all of the OFBiz security, permissions
> checking, etc over to Apache Directory (an open source LDAP library).
> The rest of the OFBiz entities would remain unchanged. There would have
> to be considerable interest in making that change before anything would
> happen though.
>
> -Adrian
>
> BJ Freeman wrote:
>> it is more that people don't understand that ofbiz is not a db driven
>> application. This had me going when I first got started.
>>
>> Ofbiz generates the DB from the entityengine. So if you could have an
>> LDAP db source it would be populated by Ofbiz.
>> http://ofbiz.apache.org/docs/entity.html
>>
>> Therefore the DB would have the ofbiz type of security.
>> Without User Login, and Security defined by Ofbiz. the DB should not be
>> accessible.
>>
>> Having access to the LDAP db thru any other channel would break the
>> ofbiz security.
>>
>> To my knowledge, LDAP has not advanced that far in ofbiz yet.
>>
>> Shi Jinghai sent the following on 7/21/2008 9:52 PM:
>>> So the current design is ambiguous.
>>>
>>> If you want LDAP to be the source db of user management, then the user
>>> info should be synchronized from LDAP to OFBiz when he/she wants to
>>> login OFBiz.
>>>
>>> Shi Jinghai/Beijing Langhua Ltd.
>>>
>>> On Mon, 2008-07-21 at 10:50 -0700, Wicus wrote:
>>>> Hi Adrian,
>>>>
>>>> Errrr; no users have been created within OFBIZ. (except for Admin
>>>> etc @ present)
>>>>
>>>> I was under the impression that users would be created automagically
>>>> within OFBIZ (the Postgres SQL database) once they are authenticated
>>>> via the LDAP server (or Active Directory in this case)
>>>>
>>>> Soooo, all OFBIZ users need to be created manually within OFBIZ,
>>>> before LDAP authentication can take place...?
