From: David Le Strat
To: Jetspeed Developers List
Subject: Re: Jetspeed 2 with LDAP
Date: Fri, 9 Jun 2006 07:49:25 -0700 (PDT)
Message-ID: <20060609144925.42331.qmail@web37210.mail.mud.yahoo.com>
In-Reply-To: <448898DD.1090103@bluesunrise.com>

Authorization should now work with LDAP. Most handlers and unit tests have been implemented for LDAP security. The unit tests are available at:

http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/spi/ldap/

To activate this with Jetspeed, you will need to modify the XML SPI config files to leverage the correct implementations. That's where I stopped, there may be some tweaks required to get this to work with the webapp.

Regards,

David Le Strat

________________________
David Le Strat
Blogging @ http://dlsthoughts.blogspot.com

----- Original Message ----
From: David Sean Taylor
To: Jetspeed Developers List
Sent: Thursday, June 8, 2006 5:38:37 PM
Subject: Re: Jetspeed 2 with LDAP

Aaron Evans wrote:
> AFAIK, the default implementation only implements the Authentication
> SPI components (UserSecurityHandler, CredentialHandler), *not* the
> Authorization SPI components (RoleSecurityHandler,
> GroupSecurityHandler, SecurityMappingHandler). This is of course
> unless someone has implemented them since.

Take a look at Mike Long's contributions.
He wrote an LDAP DAO layer as well as an LdapRoleSecurityHandler and LdapGroupSecurityHandler
I have not tested it out, not sure if it's ready

>
> So when you use it in that capacity, your usernames and passwords
> would be stored in LDAP, but the role and group associations would be
> stored in Jetspeed's database.
>
> I have implemented all of the ATN and ATZ SPI components to connect to
> my OpenLDAP custom schema. It is not that difficult if you follow
> the default components as an example.
>
> Unfortunately, in order to get these components built quickly, I used
> my own proprietary data access layer API instead of spring DAO.

Mike's implementation is all configured with Spring

>
> I would very much like to learn spring DAO at some point and retro-fit
> these to use spring DAO and then donate the code but unfortunately my
> company is the eternal whip cracker and I have no time to do this
> right now. That and my wife and I are preparing for a baby. Hey,
> maybe during my pat leave! Now there's an idea!
>
> Also, I was thinking that I might try my hand at authoring a "Guide to
> implementing custom ATN/ATZ components". It really isn't that
> difficult if you follow the default implementations as a guide, but I
> think a document around this would reassure people...
>

Finding the time to write documentation is the difficult part.
Documentation is always welcome, and now you have the perfect opportunity ;)

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org