About the authentication, there are two possibilities:
- Use one LDAP user to connect to the LDAP server and try authentication
for the Tryton user.
- Use the Tryton user to try to connect to LDAP with his password.
About the Trust LDAP, for me if you set up LDAP authentication, it is
to trust it; otherwise don't use it.
About the synchronisation of users, I think we must:
- Create the user in Tryton on the fly if it doesn't exist and if it succeeds
in authenticating in LDAP. The problem is the configuration of the
user, like the company, the groups, etc.
- It will not be possible to remove a user from Tryton as it can be
a foreign key for some tables.
- I think that we don't need a sync program.
--
Cédric Krier
B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email: cedric...@b2ck.com
Jabber: cedric...@b2ck.com
Website: http://www.b2ck.com/
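
The two authentication possibilities listed in the message above, as an added example that is not part of the original thread and is not Tryton code. `FakeLDAP`, the sample entries and `DN_TEMPLATE` are constructed stand-ins for a real directory and client library; both functions refuse empty passwords because a simple bind with an empty password can be reported as successful.

```python
DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=com"  # assumed directory layout


class FakeLDAP:
    """Constructed stand-in for an LDAP connection (not a real client library)."""
    ENTRIES = {  # constructed sample data: DN -> (uid, password)
        "uid=svc,ou=system,dc=example,dc=com": ("svc", "svc-secret"),
        "uid=alice,ou=people,dc=example,dc=com": ("alice", "wonderland"),
    }
    bound_dn = None

    def simple_bind(self, dn, password):
        # RFC 4513 section 5.1.2: a DN with an empty password is an
        # "unauthenticated" bind, which some servers report as success.
        if password == "":
            self.bound_dn = ""
            return True
        entry = self.ENTRIES.get(dn)
        ok = entry is not None and entry[1] == password
        self.bound_dn = dn if ok else None
        return ok

    def search_uid(self, uid):
        if not self.bound_dn:
            raise PermissionError("search requires an authenticated bind")
        return [dn for dn, (u, _) in self.ENTRIES.items() if u == uid]


def auth_search_then_bind(login, password, svc_dn, svc_password):
    """Possibility 1: a service account finds the entry, then we bind as it."""
    if not password:  # never forward an empty password to the server
        return False
    conn = FakeLDAP()
    if not conn.simple_bind(svc_dn, svc_password):
        raise RuntimeError("service account bind failed")
    matches = conn.search_uid(login)
    if len(matches) != 1:  # unknown or ambiguous login
        return False
    return FakeLDAP().simple_bind(matches[0], password)


def auth_direct_bind(login, password):
    """Possibility 2: bind as the user; no service credentials are stored."""
    if not password:
        return False
    if any(c in login for c in ',+"\\<>;=#'):  # login must not alter the DN
        return False
    return FakeLDAP().simple_bind(DN_TEMPLATE % login, password)
```

The first possibility needs the service account's password stored in the server configuration; the second needs every user entry to fit one DN pattern.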
> About the place to store the connection configuration, I think that
> Tryton must handle only parameters for one LDAP server that is why I
> suggest to put it in the trytond.conf.
Shouldn't the configuration for the LDAP server be per company?
What do you think?
I think that the best for performance is to keep a pool of LDAP
connections like we do for PostgreSQL.
And I think that we must see LDAP as another kind of database to
store user info (and later perhaps party info).
So for that I'm thinking about putting the security mechanism check on
the res.user model. But I'm not yet sure about this.