manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-563) Extended LDAP authority connector
Date Fri, 16 Nov 2012 15:02:12 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498846#comment-13498846
] 

Karl Wright commented on CONNECTORS-563:
----------------------------------------

I reviewed the code.  The only problem I have with it is that the way the new parameters are
handled is not consistent with good practice.  Specifically, someone would need to edit their
existing authority connection in order for the new code to work properly (I think).

I see this when the post method uses copyParam2:

+    copyParam2(variableContext, parameters, "ldapGroupMemberDn");
+    copyParam2(variableContext, parameters, "ldapAddUserRecord");
+    copyParam2(variableContext, parameters, "ldapBindUser");

The post method must not set a value if the variable does not exist.  Instead, the rest of
your code must check for a non-existent parameter value, and use a default value in that case,
in order to make the authority connector backwards compatible.
 
                
> Extended LDAP authority connector
> ---------------------------------
>
>                 Key: CONNECTORS-563
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-563
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: LDAP authority
>            Reporter: Maciej Lizewski
>         Attachments: CONNECTORS-563-JapanesetTranslation.patch, CONNECTORS-566-JapanesetTranslation.patch
>
>
> 1. possibility to include username in authority tokens (because tokens are mapped to
filesystem privileges there may be per-group rights or per-user right assigned to documents,
so it is necessary to check for user permissions also)
> 2. possibility to search groups by user name or user DN (there are two usage scenarios
involving GroupOfNames/UniqueGroupOfNames and PosixGroups. First one needs to search by DN,
the other by user name/uid)
> 3. allow binding to LDAP server with specified credentials

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message