Wicus,

Your description of the OFBiz LDAP integration is correct.

The template in framework/security/config/jndiLdap.properties is intended to be used in simple installations where all OFBiz users are in a single OU. The LDAP Distinguished Name field in Party Manager is intended to be used in more complicated installations like the one you described.

I disagree with you that the template "will ONLY work with the Administrator" - we use the template here and all users can log in without any problems. The problem you are encountering is specific to Active Directory.

Your solution to fix it is a good idea. If I understand you correctly, you want to use the template - but instead of using %u for the user login name, you would like to use a different variable (or variables), say %l for last name, and %f for first name. If that is the case, you could modify your local copy to do that and test your idea. If it is successful, then you can submit a patch to Jira and I will get it committed.

-Adrian

--- On Fri, 8/29/08, Wicus <[EMAIL PROTECTED]> wrote:

> From: Wicus <[EMAIL PROTECTED]>
> Subject: LDAP - Active Directory
> To: [email protected]
> Date: Friday, August 29, 2008, 2:59 AM
>
> Hi,
>
> Within framework/security/config/jndiLdap.properties one can specify the
> LDAP - Active Directory integration with ldap.dn.template=cn=%u,cn=Users
>
> Problem is, this will ONLY work with the Administrator account
>
> Note: Users (which is a system folder) is specified as a cn
> whereas custom ou's (ie IT etc) is specified as an ou
>
> To allow this to work with normal users, one can specify via Party Manager
> -> Party ID (Details) -> Edit under User Names -> LDAP Distinguished Name
> the DN as follows i.e.
>
> cn=Christopher Johnstone,ou=IT,ou=Head Office,dc=OURDOMAIN,dc=co,dc=uk
>
> Note: The %u = ChristopherJ <- the logon username
>
> YET for authentication to work, YOU NEED to specify the FULL NAME
> "Christopher Johnstone" !
>
> Can anyone please advise on a variable one can use to forward the FULL NAME
> and NOT the USERNAME?
>
> Secondly, as we have OUs for different departments, branches etc, ofbiz
> users are spread all across the site, including child domains.
>
> I have created an ofbiz OU with an ofbiz group within the ofbiz OU. Then made
> all the related users members of this ofbiz group.
>
> This would be a very efficient solution, should I get it to work... The DN
> specification I tried is:-
>
> cn=Christopher Johnstone,ou=ofbiz,dc=OURDOMAIN,dc=co,dc=uk
>
> Naturally, user Christopher Johnstone (ChristopherJ) is part of the OFBIZ
> group located within the OFBIZ ou.
>
> This does not work for me at present though. Any ideas would be greatly
> appreciated.
>
> I hope the additional notes help others in due time.
>
> Thanks
> --
> View this message in context:
> http://www.nabble.com/LDAP---Active-Directory-tp19217057p19217057.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
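
The template idea discussed in this thread, sketched as an added example (not OFBiz code and not written by either poster): it expands %u plus the suggested %f and %l placeholders, escapes each value so a name cannot alter the DN structure, and compares the result with the entry DN quoted above. The class name DnTemplateDemo, the method expand and the surname in the last case are assumptions made for illustration; Rdn.escapeValue and LdapName are standard JDK classes.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnTemplateDemo {

    // Expands %u (login name, as in the existing template) and the proposed,
    // hypothetical %f (first name) and %l (last name). Every substituted value
    // is escaped per RFC 2253, so ',', '=', '+' and similar characters in a
    // name stay inside the attribute value instead of creating extra RDNs.
    static String expand(String template, String login, String first, String last) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < template.length(); i++) {
            char c = template.charAt(i);
            if (c == '%' && i + 1 < template.length()) {
                char key = template.charAt(++i);
                switch (key) {
                    case 'u': out.append(Rdn.escapeValue(login)); break;
                    case 'f': out.append(Rdn.escapeValue(first)); break;
                    case 'l': out.append(Rdn.escapeValue(last)); break;
                    default:  out.append('%').append(key); // unknown key: keep literally
                }
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Entry DN as quoted in the thread: the CN is the full name, not the logon name.
        LdapName entry = new LdapName(
            "cn=Christopher Johnstone,ou=IT,ou=Head Office,dc=OURDOMAIN,dc=co,dc=uk");
        String base = ",ou=IT,ou=Head Office,dc=OURDOMAIN,dc=co,dc=uk";

        String byLogin = expand("cn=%u" + base, "ChristopherJ", "Christopher", "Johnstone");
        String byName = expand("cn=%f %l" + base, "ChristopherJ", "Christopher", "Johnstone");
        System.out.println(byLogin + " -> matches entry: " + new LdapName(byLogin).equals(entry));
        System.out.println(byName + " -> matches entry: " + new LdapName(byName).equals(entry));

        // Constructed input: a surname carrying DN metacharacters. With escaping
        // the parsed name keeps the same number of RDNs as the template.
        String odd = expand("cn=%f %l" + base, "x", "Ann", "Lee,ou=Admins");
        System.out.println(odd + " -> RDN count: " + new LdapName(odd).size());
    }
}
```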
