isis-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kambiz Darabi <dar...@m-creations.com>
Subject Isis security module questions
Date Thu, 12 May 2016 11:31:06 GMT
Hi,

we are trying to use the security module which would be a perfect fit
for our needs if it had a fully LDAP based implementation.

To make things even more difficult, we are building up an infrastructure
where several domains with separate databases exist.

Problem 1: the JDO annotations of the domain objects in the module
obviously don't use the DataNucleus extension to specify a different
data store than the default one.

This leads to users/roles being created in the 'default data store' of
the respective service and we are not easily able to redirect the
security related persistence towards a central 'security database'.

Problem 2: a fully LDAP based implementation is what the customer needs

If an LDAP backend is present in a company, then one would expect to
handle all of the authentication/authorisation issues on that side
without the need to have an additional database which might get out of
sync with the single source of truth which should be LDAP.

We have found out that DataNucleus even has an LDAP data store
implementation.

Would it be possible to implement a fully LDAP based backend for the
security module? We would be willing to invest some effort, if you could
guide us on how to tackle the problem.

Thanks


Kambiz


Kambiz Darabi
-- 
m-creations gmbh
Acker 2
55116 Mainz
Germany

W: http://www.m-creations.com
E: darabi@m-creations.com
T: +49 6131 6224417
F: +49 6131 6224418
--
Registered Office: Mainz, HRB Mainz 7382
Managing Directors: Frank Pacholak, Kambiz Darabi

Mime
View raw message