Perhaps you want to make your LDAP look like this (assume you're in a
university):
by university organization chart
 |
 -departmentA
 |  |
 |  -labA
 |     |
 |     -personA
 |
 -collegeB
    |
    -branchC
       |
       -personD
by application roles (each leaf is a member or alias of organization
chart)
 |
 -OFBiz
    |
    -Catalog
       |
       -USER
       |  |
       |  -personA
       |
       -ADMIN
          |
          -personD
If so, you have to change the implementation accordingly. It's not difficult
to do so.
Regards,
Shi Jinghai/Beijing Langhua Ltd.
On Fri, 2008-08-29 at 02:59 -0700, Wicus wrote:
> Hi,
>
> Within framework/security/config/jndiLdap.properties one can specify the
> LDAP - Active Directory integration with ldap.dn.template=cn=%u,cn=Users
>
> Problem is, this will ONLY work with the Administrator account
>
> Note: Users (which is a system folder) is specified as a cn
> whereas custom OUs (i.e. IT etc.) are specified as an ou
>
> To allow this to work with normal users, one can specify via Party Manager
> -> Party ID (Details) -> Edit under User Names -> LDAP Distinguished Name
> the DN as follows i.e.
>
> cn=Christopher Johnstone,ou=IT,ou=Head Office,dc=OURDOMAIN,dc=co,dc=uk
>
> Note: The %u = ChristopherJ <- the logon username
>
> YET for authentication to work, YOU NEED to specify the FULL NAME
> "Christopher Johnstone" !
>
> Can anyone please advise on a variable one can use to forward the FULL NAME
> and NOT the USERNAME?
>
>
>
> Secondly, as we have OUs for different departments, branches etc, ofbiz
> users are spread all across the site, including child domains.
>
> I have created an ofbiz OU with an ofbiz group within the ofbiz OU. Then made
> all the related users members of this ofbiz group.
>
> This would be a very efficient solution, should I get it to work... The DN
> specification I tried is:-
>
> cn=Christopher Johnstone,ou=ofbiz,dc=OURDOMAIN,dc=co,dc=uk
>
> Naturally, user Christopher Johnstone (ChristopherJ) is part of the OFBIZ
> group located within the OFBIZ ou.
>
>
> This does not work for me at present though. Any ideas would be greatly
> appreciated.
>
> I hope the additional notes help others in due time.
>
> Thanks
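
The template behaviour discussed in this thread, as an added Java example (not part of either message and not OFBiz code): it expands `ldap.dn.template` with the logon name, escaped so the value cannot alter the DN, and prefers a per-user DN when one is stored. The class name, the `USER_DN` map and the appended base DN are assumptions made for illustration.

```java
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BindDnResolver {
    // Assumption: the directory base is appended to the expanded template.
    static final String BASE_DN = "dc=OURDOMAIN,dc=co,dc=uk";
    static final String TEMPLATE = "cn=%u,cn=Users"; // ldap.dn.template from the thread

    // Constructed sample: logon name -> per-user "LDAP Distinguished Name" field.
    static final Map<String, String> USER_DN = Map.of(
        "ChristopherJ",
        "cn=Christopher Johnstone,ou=IT,ou=Head Office,dc=OURDOMAIN,dc=co,dc=uk");

    // Expand %u with the logon name, escaped so that ',', '+', '=' and similar
    // characters stay inside the cn value and cannot add or change RDNs.
    static LdapName fromTemplate(String logonName) throws InvalidNameException {
        String rdns = TEMPLATE.replace("%u", Rdn.escapeValue(logonName));
        return new LdapName(rdns + "," + BASE_DN);
    }

    // Prefer the DN stored on the user record; fall back to the template.
    static LdapName bindDn(String logonName) throws InvalidNameException {
        String stored = USER_DN.get(logonName);
        return stored != null ? new LdapName(stored) : fromTemplate(logonName);
    }

    public static void main(String[] args) throws InvalidNameException {
        // No stored DN: the template is used with the logon name as the cn.
        System.out.println(bindDn("Administrator"));
        // Template output differs from the entry's real DN (cn is the full name).
        System.out.println(fromTemplate("ChristopherJ").equals(bindDn("ChristopherJ")));
        // Odd logon name: still five RDNs, the extra text is part of the cn value.
        LdapName odd = fromTemplate("x,ou=ofbiz");
        System.out.println(odd.size() + " " + odd);
    }
}
```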