Extending LDAP support to include authorization

by Manos Batsis


Hello,

We are very interested in implementing this. Any pointers, ideas or
whatnot (i.e. LDAP schema additions) welcome.

Thanks,

Manos

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
j-trac-users mailing list
j-trac-users@...
https://lists.sourceforge.net/lists/listinfo/j-trac-users

Re: Extending LDAP support to include authorization

by Dennis Hopp

One way to do it would just do a simple mapping.  So in the JTrac
application give an administrator a way to say what LDAP groups map to
what JTrac Roles.  When a user logs in, get the groups he/she is a
member of, do the mapping to any roles as necessary and assign
authorization that way.

That way your underlying authorization code wouldn't have to be changed
that much, just your login code.  I can't think of any LDAP schema
changes that would have to be done doing it this way.

--Dennis

-----Original Message-----
From: j-trac-users-bounces@...
[mailto:j-trac-users-bounces@...] On Behalf Of Manos
Batsis
Sent: Thursday, September 13, 2007 7:08 AM
To: JTrac users mailing-list
Subject: [jtrac-users] Extending LDAP support to include authorization


Hello,

We are very interested in implementing this. Any pointers, ideas or
whatnot (i.e. LDAP schema additions) welcome.

Thanks,

Manos


Re: Extending LDAP support to include authorization

by Manos Batsis


Hi Dennis,

Many thanks for your reply.

Dennis Hopp wrote:
> One way to do it would just do a simple mapping.  So in the JTrac
> application give an administrator a way to say what LDAP groups map to
> what JTrac Roles.  When a user logs in, get the groups he/she is a
> member of, do the mapping to any roles as necessary and assign
> authorization that way.


I'm not sure how that would work for my or other complex cases as roles
in my app are not global (i.e. do not apply to all spaces). I'm working
on a deployment for a 2 or digit number of spaces and thousands of
users. I was just thinking about space specific pseudo-entries like:

cn: Space1
member: username1
member: username2
member: usernameN
spaceLead: usernameX

WDYT?

Manos




Re: Extending LDAP support to include authorization

by ptrthomas

On 9/13/07, Manos Batsis <manos_lists@...> wrote:

> Hi Dennis,
>
> Many thanks for your reply.
>
> Dennis Hopp wrote:
> > One way to do it would just do a simple mapping.  So in the JTrac
> > application give an administrator a way to say what LDAP groups map to
> > what JTrac Roles.  When a user logs in, get the groups he/she is a
> > member of, do the mapping to any roles as necessary and assign
> > authorization that way.
>
> I'm not sure how that would work for my or other complex cases as roles
> in my app are not global (i.e. do not apply to all spaces). I'm working
> on a deployment for a 2 or digit number of spaces and thousands of
> users. I was just thinking about space specific pseudo-entries like:
>
> cn: Space1
> member: username1
> member: username2
> member: usernameN
> spaceLead: usernameX
>
> WDYT?
>
> Manos


From what little I've seen of LDAP so far, it looks like people have widely different conventions and requirements for auto-mapping.  I was thinking that for now we could make this pluggable - so end users can implement an interface, add the class to the classpath and have this work the way they want.  Do let me know what you think.

Thanks,

Peter.
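
The pluggable mapping discussed in this thread, as an added example that is not JTrac code and not code from any poster: the `LdapRoleMapper` interface, the role names and the group DNs are hypothetical. It maps LDAP group membership to per-space roles and grants nothing for unmapped or malformed groups.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical plug-in contract (not a JTrac interface). Requires Java 16+.
// Returns space name -> roles held in that space; an empty map means no access.
interface LdapRoleMapper {
    Map<String, Set<String>> rolesFor(String username, Collection<String> groupDns);
}

// Admin-maintained table: LDAP group CN -> (space, role).
class TableRoleMapper implements LdapRoleMapper {
    record Grant(String space, String role) {}
    private final Map<String, Grant> table = new HashMap<>();

    TableRoleMapper map(String groupCn, String space, String role) {
        table.put(groupCn.toLowerCase(Locale.ROOT), new Grant(space, role));
        return this;
    }

    public Map<String, Set<String>> rolesFor(String username, Collection<String> groupDns) {
        Map<String, Set<String>> roles = new TreeMap<>();
        for (String dn : groupDns) {
            String cn = commonName(dn);
            Grant g = (cn == null) ? null : table.get(cn.toLowerCase(Locale.ROOT));
            if (g == null) continue; // deny by default: unmapped groups grant nothing
            roles.computeIfAbsent(g.space(), k -> new TreeSet<>()).add(g.role());
        }
        return roles;
    }

    // Parse the DN instead of splitting on ',' so escaped commas are handled correctly.
    static String commonName(String dn) {
        try {
            LdapName name = new LdapName(dn);
            Rdn leaf = name.getRdn(name.size() - 1); // leftmost RDN of the entry
            return "cn".equalsIgnoreCase(leaf.getType()) ? String.valueOf(leaf.getValue()) : null;
        } catch (InvalidNameException | IndexOutOfBoundsException e) {
            return null; // malformed or empty DN grants nothing
        }
    }
}

class MapperDemo {
    public static void main(String[] args) {
        LdapRoleMapper mapper = new TableRoleMapper()
                .map("space1-members", "Space1", "MEMBER")
                .map("space1-leads", "Space1", "LEAD");
        // Constructed sample DNs; the second group is unmapped and is ignored.
        System.out.println(mapper.rolesFor("username1", List.of(
                "cn=space1-leads,ou=groups,dc=example,dc=org",
                "cn=wiki-editors,ou=groups,dc=example,dc=org")));
    }
}
```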


Re: Extending LDAP support to include authorization

by Michael Gerzabek

Hi Peter,

Thank you for JTrac. It's really a great piece of software. It's very light compared to Jira but has the core features that are really important. Looking at the roadmap, I'm really keen on the time-tracking facility.

@ldap
I would appreciate it if there were an interface to authorize users from LDAP. That would make central administration possible.

Regards,
Michael Gerzabek
--
michaelgerzabek.com® - Business The Artist's Way

ptrthomas wrote:
> From what little I've seen of LDAP so far, it looks like people have widely
> different conventions and requirements for auto-mapping.  I was thinking
> that for now we could make this pluggable - so end users can implement an
> interface, add the class to the classpath and have this work the way they
> want.  Do let me know what you think.