Tryton Ldap Integration


udono

12.12.2008, 11:45:10
to Tryton
Hi all,

X0d_of_N0d and I (udono) have started a prototype for a Tryton
connection to an LDAP service for login and session authentication. Due
to hacking some problems, we started to discuss the general
implementation which is not ideal for Tryton.
I'd like to invite you all to talk with us for a better design:
http://code.google.com/p/tryton/wiki/TrytonLDAPIntegration
Feel free to just edit the page without request, since it is
versioned:
http://code.google.com/p/tryton/source/browse/wiki/TrytonLDAPIntegration.wiki

Or just comment here under this topic.

Cheers Udo

Cédric Krier

13.12.2008, 12:27:29
to try...@googlegroups.com
About the place to store the connection configuration, I think that
Tryton must handle only parameters for one LDAP server that is why I
suggest to put it in the trytond.conf.

About the authentication, there are two possibilities:

- Use one LDAP user to connect to the LDAP server and try authentication
for the Tryton user.

- Use the Tryton user to try to connect to LDAP with his password.

About the Trust LDAP, for me if you set up an LDAP authentication, it is
to trust it, otherwise don't use it.

About the synchronisation of users, I think we must:

- Create the user in Tryton on the fly if it doesn't exist and if it succeeds
in authenticating in LDAP. The problem is for the configuration of the
user like the company, the groups etc.
- It will not be possible to remove a user from Tryton as it can be
a foreign key for some tables.
- I think that we don't need a sync program

--
Cédric Krier

B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email: cedric...@b2ck.com
Jabber: cedric...@b2ck.com
Website: http://www.b2ck.com/
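
The two login flows listed in the post above, sketched as an added example (not code from this thread or from Tryton). `FakeDirectory`, its methods, the DNs and the passwords are constructed stand-ins for a real LDAP connection; the sketch also shows why both flows must refuse an empty password, which many servers accept as an unauthenticated bind.

```python
class InvalidCredentials(Exception):
    """Raised by the stand-in directory when a bind is refused."""

# Constructed sample directory (DN -> password); not real accounts.
ENTRIES = {
    "cn=tryton,ou=services,dc=example,dc=org": "svc-pass",
    "uid=udo,ou=people,dc=example,dc=org": "s3cret",
}

class FakeDirectory:
    """Hypothetical in-memory stand-in for one LDAP connection."""
    def __init__(self):
        self.bound_as = None

    def bind(self, dn, password):
        # Like many LDAP servers, an empty password is accepted as an
        # unauthenticated bind (RFC 4513, section 5.1.2): no error is raised.
        if password == "":
            self.bound_as = None
            return
        if ENTRIES.get(dn) != password:
            raise InvalidCredentials(dn)
        self.bound_as = dn

    def search_uid(self, uid):
        if self.bound_as is None:  # this sample forbids anonymous search
            raise InvalidCredentials("search requires a bind")
        return [dn for dn in ENTRIES if dn.split(",")[0] == "uid=" + uid]

def _try_bind(dn, password):
    if not password:  # never forward an empty password to the server
        return False
    try:
        FakeDirectory().bind(dn, password)
        return True
    except InvalidCredentials:
        return False

def login_search_then_bind(login, password, svc_dn, svc_password):
    """First option: a service account looks up the DN, then the user binds."""
    conn = FakeDirectory()
    conn.bind(svc_dn, svc_password)
    matches = conn.search_uid(login)
    # Exactly one entry must match; unknown or ambiguous logins are refused.
    return len(matches) == 1 and _try_bind(matches[0], password)

def login_direct_bind(login, password, dn_template):
    """Second option: build the DN from the login and bind as the user."""
    # Keep DN metacharacters out of the template before substituting.
    return login.isalnum() and _try_bind(dn_template % login, password)
```

The first flow needs a stored service credential but tolerates users spread over several subtrees; the second stores no credential but only works when every user's DN follows one template.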

Mathias Behrle

16.12.2008, 13:41:36
to try...@googlegroups.com
* Re: "[tryton] Re: Tryton Ldap Integration" (Sat, 13 Dec 2008 18:27:29
+0100):

> About the place to store the connection configuration, I think that
> Tryton must handle only parameters for one LDAP server that is why I
> suggest to put it in the trytond.conf.

Shouldn't the configuration for the LDAP server be per company?


Cédric Krier

16.12.2008, 14:08:52
to try...@googlegroups.com

I think that you will have one server per Tryton install.

Udono

16.12.2008, 15:26:25
to try...@googlegroups.com
On Tuesday, 16.12.2008, at 20:08 +0100, Cédric Krier wrote:
> On 16/12/08 19:41 +0100, Mathias Behrle wrote:
> > * Re: "[tryton] Re: Tryton Ldap Integration" (Sat, 13 Dec 2008 18:27:29
> > +0100):
> >
> > > About the place to store the connection configuration, I think that
> > > Tryton must handle only parameters for one LDAP server that is why I
> > > suggest to put it in the trytond.conf.
> >
> > Shouldn't the configuration for the LDAP server be per company?
>
> I think that you will have one server per Tryton install.

Is there any special restriction in Tryton, to better use only one LDAP
server defined in the trytond.conf file?
Or is it a question of design?
Xod of N0d and I are planning multiple LDAP resources as a service for
other modules like ldap_auth or ldap_party.
http://code.google.com/p/tryton/wiki/TrytonLDAPIntegration

What do you think?

Cédric Krier

16.12.2008, 14:52:11
to try...@googlegroups.com

I think that the best for performance is to keep a pool of LDAP
connections like we do for PostgreSQL.
And I think that we must see LDAP like another kind of database to
store user info (and later perhaps party info).

So for that I'm thinking about putting the security mechanism check on
the res.user model. But I'm not yet sure about this.
