Well i hav a LDAP server having three different ou's....one each for staff, student and faculty... to use it i changed the SystemGlobalProperties as per requirement....except one..... what paramenters do i need to write in the ldap.login.suffix........i hav not been able to figure it out....additionally what can be done to allow veiw of selected forums.....
e.g. if u r a faculty or staff u can veiw all the forums...bbut if u r student u can only veiw general forums........
Thanx in advance for any sort of reply and help................. [originally posted on jforum.net by sourav.bardhan]
Haven't checked the code, but my memory of the JForum LDAP authenticator is that it can only use one ou (but may search for user info in OUs below that one).
Given what you have described, I think you'll need to write your own implimentation to get this to happen.
FWIW, when doing any SSO integration there are actually three main functions that need to be considered.
1) Authentication - Verifying that the user is who they say they are.
2) Information - e.g. real name, e-mail, avatar, and the like
3) Authorization - What can the user do?
Often people mix up all these function and call it Authentication. But you really need to consider each of these areas separately.
In addition, you need to consider how much each of these area's changes and how you need to manage the changes. I tend to think of these factors as representing how "tightly" integrated you want to make JForum with your application.
It is possible to tightly integrate all three functions into an existing service that supplies these functions. So that JForum User objects get applicable user information (like name, e-mail, etc) from your application when they are created. And that JForum's group membership is based on a non-Jforum information.
However, tightly integrated means highly customized since there are few standards that cover all these areas and each application you're integrating with is different. To do this means using the JForum SSO mechanism to deal with authentication and the DAO mechanism to deal with user information and authorization.
On the other hand, it is also possible to "loosely" integrate Jforum with an external application. This is generally done by using the SSO mechanism to populate the Jforum db with the initial user information and group membership the first time a user logs on. This can be done by just using the SSO mechanism and if much simpler to code.
well monroe what do i need to write to implement it......... canu give an example of it ...... any script that can guide me in it........ ??? i hav tried a few but could not do it properly....... what code do i need to write to get the restrictions i need to implement........ [originally posted on jforum.net by sourav.bardhan]
What functionality do you want? Loosely integrated or tightly integrated.
Loose is the easiest, so I would look at the code for the LDAPAuthenticator. It shows how to authenticate/create a user for a specific OU. You need to check 3 OUs... so just try then in some order looking to see if the id/password matches.
If you find a valid one, call a modified version of the SSOUtils.register method that will create a jForum id with membership in the correct jForum group.
Tight integration requires that you roll up your sleeve's and delve into the code to figure out how to do it. The keys to this are the userDAO and group*DAO implimentations.
The rest is left as an exercise for the reader.... [originally posted on jforum.net by monroe]