批注 2022-08-03 094310.png - ConcourseSuite Support image

ConcourseSuite Support

Support
http://concursive.com/help/en_us/
Corporate
PUBLIC PROFILE

Back to topics

Discuss Integration Projects

User groups, ACL and LDAP

You need to be logged in to post messages

User groups, ACL and LDAP

4/20/2005 12:31 PM EDT
Default user photo

By Peter Kehl

Hello,

we've tested Centric CRM and we like it.

However, we need to have capability to organize users in groups, and have data ACL (access control list) based on their group membership. That might be implemented by using customized owner and group fields, which would be checked in JSP and servlet layers.

We'd like to authenticate against LDAP rather than database.

Could you let us know whether you're planning to implement these or similar features, and when it may be expected.

In case we choose this direction and implement the above features ourselves, we'd be happy to contribute to Centric CRM.

Best regards,

Peter Kehl

1. 4/20/2005 2:57 PM EDT (edited)
Tom M. photo

By Tom Manos

Hi Peter,

Thanks for evaluating Centric CRM, and I'm glad you like it.

We have one community member who has done an LDAP integration, but has not yet contributed their code. Last I heard, they were using it internally (are you listening, Adam?).

I would think the LDAP integration would not be such a big job. The ACL piece seems both very interesting and more substantial. We've had others interested in something similar in the past.

On both counts we would be happy to have you as a development partner and would provide whatever assistance we could to make your job easy and successful as possibe, including help with internal architecture and such. In order to make your code maintainable by our core team so we can carry it forward to new versions, we would ask only that you follow some common sense development rules and work closely with our core development team.

If you are really interested in taking some of this on, I could contact you offline, and we could discuss how to proceed. We'd probably end up building a public project to document the work and solicit community advice and support.

We're pretty flexible, just let me know how you'd like to proceed.

Thanks again for your interest and support!

Tom

2. 4/25/2005 2:32 PM EDT
Default user photo

By Peter Kehl

Community,

we've got LDAP authentication working with Centric CRM 3.0 test 2.

- user details are stored in Centric's DB as before
- LDAP is authorative password source; password change in Centric CRM has no effect, and doesn't write to LDAP

Mapping to LDAP object:
--- username(Centric) === email(LDAP)

When user logs in:
- login module connects to LDAP read-only
- their username===email is searched for in LDAP
- if they are found in LDAP exactly once, their DN and password they entered is used to authenticate against LDAP
- if everything was OK, user is let in to Centric CRM

TODO:
- how to store LDAP settings in Centric CRM config files, and GUI to configure them
- how to map user between DB <-> LDAP - options/tips above
- how to configure DB <-> LDAP user mapping

3. 4/26/2005 12:16 PM EDT
Default user photo

By Boris Kraft

Just to clarify - would it not be interesting to have a common address book functionality? centric could either be an LDAP server (should not be so hard) so that I can connect with my clients to view the data there; or all user/address info should be externalized on an LDAP server, so address maintenance is done outside of centric. Best of all would be two way, of course :-)

The goal would be to maintain addresses only once, and do so from your standard client (well, which one can write to LDAP, but oh well, one can dream), and all apps have access to that info.

What you do is more like a single sign on solution, it seems. Do you plan to extend into above directions?

Cheers
Boris Kraft

3 results found