[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Split user management

Subject: Re: Split user management
From: Shawn McKinney <shawn.mckinney@joshuatreesoftware.us>
Date: Mon, 10 Sep 2012 05:37:07 -0500
Cc: "openldap-fortress@openldap.org" <openldap-fortress@openldap.org>, Bruno.MARCON@thalesgroup.com
In-reply-to: <CABx1NtM3+sLyELu+C=CcBjcQjJgFhHdS550y3tkL9=v=-7ErRA@mail.gmail.com>
References: <CABx1NtM3+sLyELu+C=CcBjcQjJgFhHdS550y3tkL9=v=-7ErRA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

On 09/07/2012 08:57 PM, Shawn McKinney wrote:

More questions: What interactions should Fortress have with theexternal directory - should it be capable of binding, reading userattributes, i.e. group assignments? What about provisioning - shouldthe Fortress AdminMgr APIs be capable of provisioning user data intothe external directory?

One point needs to be clarified here:

If the intent is not to maintain interactions in the manner pointed outabove, you should be able to use Fortress alongside the user managementsystem of your choice today. The fortress user object still needs to beprovisioned, but the password and user demographics data need not beloaded nor maintained.

When utilizing Fortress in this manner, don't set the User's passwordattribute but do set the the 'isTrusted' boolean parameter to 'true'when you call the createSession API.


    public Session createSession(User user, boolean isTrusted)
        throws SecurityException;

Follow-Ups:
- RE: Split user management
  - From: MARCON Bruno <Bruno.MARCON@thalesgroup.com>

References:
- Re: Split user management
  - From: Shawn McKinney <shawn.mckinney@joshuatreesoftware.us>

Prev by Date: Re: Split user management
Next by Date: RE: Split user management
Index(es):
- Chronological
- Thread