From: <m.m...@lo...> - 2008-10-28 07:39:55
Yes, you have understood all things, except the fact that we have to use LDAP/Active Directory for authentication only, because the authorization will be done using LogicalDOC security objects (users, groups, menus). I propose an idea to you, tell me what you think:

* The user inputs username and password in the LogicalDOC login form
* If the user exists in the DB, all things go normally
* If the user doesn't exist, the LDAP/ActiveDirectory will be accessed and authentication will be done against LDAP/ActiveDirectory
* LogicalDOC creates the user in the DB and assigns to it all the groups specified by LDAP/ActiveDirectory
* From this point all security issues will be handled with the LogicalDOC security system

This is only an idea, feel free to express your own thoughts and proposals. Even ACEGI is only an idea; ACEGI is well integrated with Spring and its pluggable mechanism allows us to integrate various stores such as LDAP and ActiveDirectory. But the use of ACEGI is not a must, you can propose other alternatives.

Many Thanks,
Rajiv

Rajiv wrote:
> Sure Marco, I will start looking at the existing security code right away.
> As far as ACEGI is concerned, I have not used it in any project but
> have worked with other Java libraries for LDAP binding/communication.
> However, I will go through the ACEGI docs once to get an idea.
>
> Now, if I understand the requirements right, as of now the DB holds the
> user, group and permission info and going forward, this info would be
> populated in an LDAP server. Every time a user logs in to the
> application he will have to be authenticated and all his actions will
> have to be authorised using the LDAP server. The authorisation is done
> at the menu level so certain users (belonging to a group) have access
> to some menu items and not to other groups' menu items.
>
> As for the LDAP server to be used, I have used Sun Java Directory
> Servers in a few projects and have found it to be good (besides being
> free :-). It's easy to set up and configure on Windows/Unix platforms
> and has pretty good documentation too. Besides, the LDAP server
> integration with the application can be done through JNDI so ideally
> any LDAP server can be used.
>
> Let me know if my understanding of the requirements is right.
>
> _Rajiv
>
> PS - will keep you posted on the progress.

---------------------------------------------------------------
ing. Marco Meschieri
e-mail: m.m...@lo...
---------------------------------------------------------------
Logical Objects snc
Via Bonasi, 2/A
41012 Carpi (MO) Italy
Tel./Fax. 059 688969
web: http://www.logicalobjects.it
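The login flow proposed in the message above (local DB first, directory bind as the fallback, then just-in-time creation of the local user with the groups the directory reports), modelled as an added Python example. This is not LogicalDOC, ACEGI or the thread's own code: the `LocalDb` and `FakeDirectory` classes are in-memory stand-ins with constructed accounts, and the `rebind_directory_users` switch is an assumption added here to show a failure mode the proposed flow has as written, namely that once a user has been provisioned, the local copy decides every later login and a disable in the directory no longer takes effect.

```python
"""Model of the thread's proposal: local DB, then directory bind, then provision.
Added example; the DB and the directory below are stand-ins, not real backends."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class LocalUser:
    username: str
    salt: bytes
    pw_hash: bytes
    groups: set = field(default_factory=set)
    source: str = "local"  # "local" or "directory" (provisioned from LDAP/AD)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LocalDb:
    """Stand-in for the application's own user table (constructed)."""

    def __init__(self):
        self.users = {}

    def create(self, username, password, groups, source="local"):
        salt = os.urandom(16)
        user = LocalUser(username, salt, _hash(password, salt), set(groups), source)
        self.users[username] = user
        return user

    def get(self, username):
        return self.users.get(username)

    def verify(self, user, password):
        return hmac.compare_digest(_hash(password, user.salt), user.pw_hash)


class FakeDirectory:
    """Stand-in for LDAP/AD (constructed). Entries: name -> {password, groups, disabled}."""

    def __init__(self, entries):
        self._entries = entries

    def bind(self, username, password):
        # An empty password must never count as a successful bind: an LDAP simple
        # bind with an empty password is an anonymous/unauthenticated bind and
        # succeeds on many servers without proving anything about the user.
        if not password:
            return False
        entry = self._entries.get(username)
        return bool(entry) and not entry.get("disabled") and entry["password"] == password

    def groups(self, username):
        return list(self._entries[username]["groups"])


class Authenticator:
    def __init__(self, db, directory, rebind_directory_users=False):
        self.db = db
        self.directory = directory
        # False: the flow exactly as proposed (after provisioning, the local copy decides).
        # True: provisioned users are re-bound against the directory on every login.
        self.rebind = rebind_directory_users

    def login(self, username, password):
        """Return the LocalUser on success, None on failure."""
        user = self.db.get(username)
        if user is not None and (user.source == "local" or not self.rebind):
            return user if self.db.verify(user, password) else None
        if not self.directory.bind(username, password):
            return None
        groups = self.directory.groups(username)
        if user is None:  # first login: provision locally with the directory's groups
            return self.db.create(username, password, groups, source="directory")
        user.groups = set(groups)  # rebind variant: refresh membership on each login
        return user


def demo():
    """Walk the flow with constructed accounts and return what each login produced."""
    directory = FakeDirectory({"rajiv": {"password": "ldap-secret", "groups": ["editors"]}})
    db = LocalDb()
    db.create("admin", "local-secret", ["admin"])
    auth = Authenticator(db, directory)
    out = {}
    out["local_admin"] = auth.login("admin", "local-secret")  # local user, verified locally
    out["first"] = auth.login("rajiv", "ldap-secret")         # not in DB: bind, then provision
    out["wrong"] = auth.login("rajiv", "wrong")               # now in DB: local hash rejects it
    out["anon"] = auth.login("ghost", "")                     # empty password never binds
    directory._entries["rajiv"]["disabled"] = True            # account disabled in the directory
    out["stale"] = auth.login("rajiv", "ldap-secret")         # still succeeds: local copy decides
    strict = Authenticator(db, directory, rebind_directory_users=True)
    out["honoured"] = strict.login("rajiv", "ldap-secret")    # None: the disable takes effect
    return out
```

The `stale` and `honoured` results are the point of the example: with the flow as proposed, a password change or account disable in Active Directory stops mattering to the application after the first login, so a deployment needs either the rebind variant for directory-sourced users or a separate synchronisation of account status. The empty-password check belongs in whatever code issues the real bind, because an LDAP simple bind with an empty password is specified as an unauthenticated bind rather than a failure.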