Proposal #2: implement a new optional module to fetch users and groups from ldap
Andrea Aime edited this page Oct 6, 2014 · 1 revision
GeoFence is usually deployed together with GeoServer, in an ecosystem that often has a centralized repository of users and groups/roles. Integration with common repository types could be a plus for GeoFence. LDAP servers are a widely used example of a centralized users/groups repository.
We propose to:
- Integrate users and groups fetching from an LDAP server through a pluggable and optional module
- When fetched from LDAP, users and groups become read-only in the Admin interface
The LDAP module will define alternative implementations of the GSUserDAO and UserGroupDAO interfaces to:
- fetch users and groups, respectively, from the configured LDAP server
- disable write actions on users and groups
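A sketch of the read-only DAO idea above, added here as an example and not GeoFence code: `UserDao` is a hypothetical, simplified stand-in for the real GSUserDAO interface, and the `uid` attribute and the `ou=people,dc=example,dc=org` base are assumptions. It uses plain JNDI, passes the user name as a filter argument so the provider escapes it, and rejects writes in the DAO itself rather than only hiding them in the Admin interface.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class LdapUserDaoSketch {
    // Hypothetical, simplified DAO contract; not GeoFence's actual GSUserDAO.
    interface UserDao {
        String findDnByName(String name) throws NamingException;
        void persist(String name);
    }

    static class ReadOnlyLdapUserDao implements UserDao {
        private final DirContext ctx;   // connection to the configured LDAP server
        private final String userBase;  // search base for users (constructed value below)

        ReadOnlyLdapUserDao(DirContext ctx, String userBase) { this.ctx = ctx; this.userBase = userBase; }

        @Override
        public String findDnByName(String name) throws NamingException {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is filled from the argument array and escaped by the JNDI provider,
            // so filter metacharacters in a user name are matched as literals.
            NamingEnumeration<SearchResult> res =
                ctx.search(userBase, "(uid={0})", new Object[] { name }, sc);
            try {
                return res.hasMore() ? res.next().getNameInNamespace() : null;
            } finally {
                res.close();
            }
        }

        // Writes fail here, so no caller can modify LDAP-backed users.
        @Override
        public void persist(String name) {
            throw new UnsupportedOperationException("users are managed in LDAP and are read-only");
        }
    }

    // Usage: java LdapUserDaoSketch <ldap-url> <user-name>  (anonymous bind assumed)
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        UserDao dao = new ReadOnlyLdapUserDao(new InitialDirContext(env), "ou=people,dc=example,dc=org");
        System.out.println(dao.findDnByName(args[1]));
    }
}
```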
Moreover, the module will also define an alternative RuleDAO implementation to:
- synchronize internal (db) users and groups with LDAP ones when access rules are created / changed
In a second phase we could consider how to:
- generalize the LDAP module approach to allow for more kinds of remote repositories
- implement some form of caching for LDAP operations, since they usually tend to be slow
Created from issue #37