portals-jetspeed-dev mailing list archives

From David Le Strat <dlest...@yahoo.com>
Subject Re: Jetspeed2 LDAP
Date Sun, 05 Feb 2006 15:38:19 GMT

Davy,

See comments below.

--- Davy De Waele <sebulba@pandora.be> wrote:

> David,
> 
> Judging from the recent activity on the mailing list I noticed some
> interest in using LDAP & Jetspeed.
> 
> Some thoughts come to mind:
> 
> 1. The instructions located at
> http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap.html
> are really only applicable for people who are building jetspeed from
> source.
> Due to the fact that the security-spi-ldap*.xml files shown there are
> coming from SVN (interface changes, additional objects in the
> configuration files that are not in the 2.0 binary release), users who
> have installed jetspeed2 via the installer attempting to follow these
> instructions will run into configuration issues.
> 
> What would be the best way to address this?
> 
> I think we should make a difference between users who are familiar with
> Maven, SVN, compiling/building/deploying, and users who just want to get
> the thing up & running using the installer.
> 
> Shouldn't we put this information into perspective by:
>
> a) Clearly indicating that this is only intended for people building
>    from source
> b) Providing an additional manual on what needs to be done starting
>    from a binary release (2.0 version)
>
> The user would have to
>           * copy the security-spi-ldap*.xml files (we provide
>             downloadable spring XML files acting as examples)
>           * remove their default security-spi-atn.xml
>           * restart tomcat
>           * prepare their LDAP server
> 
> 
> As far as LDAP support goes, we should provide instructions on how
> existing LDAP servers can be used with jetspeed. We can also provide
> downloadable schema files & LDIF sample data for all major vendors
> (+ documentation).
>
> I could provide such manuals for OpenLDAP, SunDS and ApacheDS.

Completely agree with you there. I won't have much
time to get to this this week but if you want to take
the initiative, I will be happy to apply your patch.

> 
> 2. The major problem that users will be facing today is that encrypted
> passwords are not supported in the jetspeed2.0 release. Given that this
> functionality has been committed to the codebase, how do you feel
> towards providing a downloadable JAR file to users that would act as a
> replacement for their current jetspeed-security-2.0.jar (doesn't have
> to be anything official, could be included as a link in the
> documentation)?
>
> The user would have to
>          * replace his jetspeed-security-2.0.jar
>          * restart tomcat
>
> The user would have support for encrypted passwords and group/role
> membership via LDAP.

That's one way to do it.  Roger had requested that we
merge the latest security changes with the 2.0.1
branch.  That would be another option.  I am not sure
what the timeline for 2.0.1 is.

> 
> 
> 3. OpenLDAP schema file
> 
> I had to add groupOfUniqueNames as a parent to the jetspeed-2-group and
> jetspeed-2-role objectClasses in order for the group/role assignment to
> work in OpenLDAP.
> ApacheDS doesn't really care when objects are created in the LDAP tree
> containing attributes that aren't defined in the LDAP schema. OpenLDAP
> does :) I've attached the new jetspeed.schema file.

Got it,  I will commit the new schema file.


________________________
David Le Strat
Blogging @ http://dlsthoughts.blogspot.com
