Today we started developing our latest plugin, the LDAP plugin for Servoy. No clear outlines yet, just an announcement.
When you want or need any special features I suggest you post them to the forum that we created for this plugin Servoy Components – Plugins, Beans, Web Components, Angular Services & Servoy Developer Consulting.
IT2Be:
Today we started developing our latest plugin, the LDAP plugin for Servoy. No clear outlines yet, just an announcement.When you want or need any special features I suggest you post them to the forum that we created for this plugin Servoy Components – Plugins, Beans, Web Components, Angular Services & Servoy Developer Consulting.
Marcel:
Any news on your LDAP Plugin?
Thanks,
Lee
Hi Lee,
Basic functionality is ready, for quite some time to be honest. Have done some limited testing and it worked.
However, a real live test has not been done (yet) and due to what looks like limited interest until today I have given the Calendar bean full attention next to the other things going on here.
What is it you expect from the plugin (so I can tell what will and won’t work for you) and when do you need it…
Cheers,
IT2Be:
Hi Lee,Basic functionality is ready, for quite some time to be honest. Have done some limited testing and it worked.
However, a real live test has not been done (yet) and due to what looks like limited interest until today I have given the Calendar bean full attention next to the other things going on here.
What is it you expect from the plugin (so I can tell what will and won’t work for you) and when do you need it…
Cheers,
Marcel:
Basically, I want to reproduce the functionality we have in FM8. I want to be able to define my users and Groups on my Windows Domain server and tie that to my Group privs in Servoy. I would like to go one step further then what FM allows right now.
At the moment, FM8 basically only allows a “one to one” relationship between the FM Security Groups, and Domain Groups for a particular user. That’s fine in many cases, and if that’s the case, I would like to have “single sign on” functionality in Servoy for users that are logged into the Domain.
However, what I would LIKE to have is the ability to assign a user to two or more groups, and upon logging into Servoy, be able to detect that and then prompt the user for “which” Group setting he/she would like to login under. Basically I treat Groups like “project sets” and restrict record access based on the users Group. Most users have only one Group, but some users have more then one Group and need to be able to choose.
I’m not sure why there is so little interest in the Servoy world. This has been a big time saver for me on the FM side, as I only have to set my users up once for access to the Application servers and the FM application. Maybe because of Servoys web centric interface it’s less of an issue to many developers, but we definately need to have this ability.
I’m a little disappointed that Servoy is not implementing this in V3 themselves as they alluded to earlier. No offense to you as a plug in writer, but I’m not sure how a Plug-in can really integrate well with their built in Security model. I’m thinking the best we may be able to accomplish is to “read” the AD Users and Groups out of the Domain Server into Servoy, but I don’t see how that would get us passwords and without that, how we would provide single pass authentication.
Any help/advice/news is sincerely appreciated, as this was one of our key concerns in getting on board with Servoy and waiting for V3.
Thanks,
Lee
Hi Lee,
I can not give you any reason for what Servoy implements or does not implement. I work with them but can not speak for them as you will understand!
At the moment the plugin can ‘read’ a LDAP server but nothing more than that!
Servoy 3.0 will ship with a seperate login form that you can use to create an alternative login method. This would ideally be the place to let the ldap plugin do its work (I also created a special login dialog in the dialog plugin).
As for tying in with security (if you are talking about Servoy security): you would have to do that yourself. I only provide extra functionality.
When you talk about security in the sense of ‘is using a plugin secure’ I can only say yes. You can check for the existance of a plugin and stop executing a solution when the plugin is not there.
When you want we can discuss your needs further via email…
Cheers
Marcel:
Thanks for the info. I understand you have no control over what Servoy does or does not implment.
WHen you say “read”, can you actually perform a authentication routine against the server? Can you determine if a User is logged in to the Domain from the machine executing Servoy, or attempt an authentication from the name and password supplied to Servoy?
Not sure how this is all going to work, but I hope we can come up with something. We’ve waited patiently for V3 in order to gain this functionality.
Thanks,
Lee
Depending on the authentication the answer is a careful yes. But be aware that there are different methods requiring more or less heavyweight authentication. I tend to say it needs to be tested.
If, sowhere on a system, it is visible that a user is logged in I might be able to see that. Is that basic ldap functionality?
As said (or at least suggested) you would have to use the plugin to look in the ldap tree for a user. Your solution/method would then have to check that against Servoy security.
Shall we move the discussion to the IT2Be forum forum.it2be.com. I don’t think very lengthy discussions about 3-rd party plugins and beans belong here.
Cheers,
Marcel
Marcel:
Sure we can mover over to your forum, but I would think other Servoy folks would have some interest in this.
As to the level of authentication, this is really not my area of expertise. I’m using the FM8 functionality at the moment, so whatever it is doing works and seems to be fine. I didn’t know there was more then one level. This is why I like 4GLs, it isolates me from having to be an expert in every dot and tiddle.
Regards,
Lee
Hi Marcel,
Our company is also definitely looking foward to the LDAP capability. This will be extremely helpful with users not having to memorize 2 sets of passwords. All we really needs aside from being able to check the authentication versus the MS active directory is to extract out the username so i can use it for further field level access inside Servoy. can’t wait until this is ready.
IT2Be:
Depending on the authentication the answer is a careful yes. But be aware that there are different methods requiring more or less heavyweight authentication. I tend to say it needs to be tested.If, sowhere on a system, it is visible that a user is logged in I might be able to see that. Is that basic ldap functionality?
As said (or at least suggested) you would have to use the plugin to look in the ldap tree for a user. Your solution/method would then have to check that against Servoy security.
Shall we move the discussion to the IT2Be forum forum.it2be.com. I don’t think very lengthy discussions about 3-rd party plugins and beans belong here.
Cheers,
Marcel
Hi,
In fact the plugin is ready. Only needs documentation and some further testing. Unfortunately the server broke down just before testing. Holding both the latest version of the plugin as well as the ldap server
I shall see that I can release a beta this (or next) week…
Cheers,
Marcel