incubator-jspwiki-dev mailing list archives

From "Hobbs, Joseph" <Joseph.Ho...@53.com>
Subject RE: LDAP user database & LoginModule
Date Tue, 09 Dec 2008 20:53:52 GMT
Andrew,

I think adding LDAP Integration into JSPWiki is an excellent idea,
though I'd question the need to offer embedded LDAP with JSPWiki.  If
your goal is to provide this integration specifically for Enterprise
users, 99% of the time they will already have an existing LDAP
infrastructure they are tying into.  In that scenario, you don't need to
provide the LDAP database.  This makes your life much easier.  To be
honest, I think simply providing an LdapUserDatabase and
LdapGroupDatabase would satisfy most cases you are looking for.

I had thought about doing this for my installation, but was successful
in getting my container (WebSphere) to do most of the work for me.  I
did have to make some modifications to the web.xml to get things to work
as expected, but it works like a charm.  I still use the File-based
user/group databases, but WebSphere assigns the important roles (in my
case they are Authenticated, Author, and Admin) based on LDAP Group
memberships.

The one hiccup for me that prevents me from using LDAP for group
memberships relates to rights.  In a large organization, permissions
tend to be controlled by an external party (Information Security group,
etc).  Due to this my JSPWiki application can READ LDAP, but has no
authority to modify.  Modifications in LDAP require a form submission,
approvals, and all that jazz.  So using File-based group databases
actually allows me to use JSPWiki Groups and ACLs in my Wiki without
having to have every little change provisioned separately.  To me the
separation is a good thing.  With that said, I doubt that will be the
case for everyone.

I'd be willing to take a crack at putting together user/group databases
that interface with LDAP...  I was already planning on putting together
an ldap-based user database for my installation to eliminate the
file-based user database I'm using today.

Joseph Hobbs
Lead Technology Architect
Enabling Technologies : Technical Services
Fifth Third Bank
Phone : (513) 534-5908
Fax : (513) 534-3408
Email : Joseph.Hobbs@53.com


-----Original Message-----
From: Andrew Jaquith [mailto:andrew.r.jaquith@gmail.com] 
Sent: Tuesday, December 09, 2008 3:28 PM
To: jspwiki-dev@incubator.apache.org
Subject: Re: LDAP user database & LoginModule

I was thinking mostly about the fact that LDAP integration (and
specifically, Active Directory) is a pretty important thing for
enterprises.
It seems like something we should just have. I'd prefer not to say "go
write your own!" to people who ask. I'd feel guilty knowing that they'd
half-ass it. :)
No, I don't see JSPWiki becoming an LDAP *provider.* Just a consumer.
Interesting thought though.

On Tue, Dec 9, 2008 at 2:42 PM, Janne Jalkanen
<Janne.Jalkanen@ecyrd.com> wrote:

>
> Can't say that I have... LDAP is mostly black magic to me anyway :-)
>
> But my +1 for this. Sounds like a good idea.  Are you perhaps thinking of
> JSPWiki becoming an LDAP provider for massive wikifarm integration with
> other software as well? ;-)
>
> /Janne
>
>
> On Dec 9, 2008, at 21:07 , Andrew Jaquith wrote:
>
>> Fellow devs--
>>
>> Anybody experienced with embedded Java LDAP servers like OpenDS? I'd like
>> to see us ship a supported LDAP option for authentication (JAAS LoginModule)
>> and user storage (UserDatabase). Would love to rig up a test harness, like
>> we have with HSQL, as the first step.
>>
>> Anybody able to take this on?
>>
>> Andrew
>>
>
>


