From: "Brice Lambi"
To: "Jetspeed Developers List"
Date: Thu, 8 Jun 2006 13:37:12 -0500
Subject: Re: Jetspeed 2 with LDAP

A document like that would be great. I wouldn't mind implementing role
and group security through LDAP. It would be nice to have a guide to
start from. Good luck with the new baby!

Thanks,
Brice

On 6/8/06, Aaron Evans wrote:
>
> AFAIK, the default implementation only implements the Authentication
> SPI components (UserSecurityHandler, CredentialHandler), *not* the
> Authorization SPI components (RoleSecurityHandler,
> GroupSecurityHandler, SecurityMappingHandler). This is of course
> unless someone has implemented them since.
>
> So when you use it in that capacity, your usernames and passwords
> would be stored in LDAP, but the role and group associations would be
> stored in Jetspeed's database.
>
> I have implemented all of the ATN and ATZ SPI components to connect to
> my OpenLDAP custom schema. It is not that difficult if you follow
> the default components as an example.
>
> Unfortunately, in order to get these components built quickly, I used
> my own proprietary data access layer API instead of spring DAO.
>
> I would very much like to learn spring DAO at some point and retro-fit
> these to use spring DAO and then donate the code but unfortunately my
> company is the eternal whip cracker and I have no time to do this
> right now. That and my wife and I are preparing for a baby. Hey,
> maybe during my pat leave! Now there's an idea!
>
> Also, I was thinking that I might try my hand at authoring a "Guide to
> implementing custom ATN/ATZ components". It really isn't that
> difficult if you follow the default implementations as a guide, but I
> think a document around this would reassure people...
>
> On 6/8/06, David Sean Taylor wrote:
> > Brice Lambi wrote:
> > > What do I need to do to populate the roles, groups and
> > > permissions? The sample ldif file in the ldap doc only adds one
> > > admin user. I've tried cloning what is in the default jetspeed
> > > install by making an admin, user and manager role. This didn't
> > > seem to work for me. There are a couple of docs that give
> > > tutorials on how to set up the Apache DS, but it looks like that
> > > server has been down for some time.
> > >
> > > How does the role name need to be configured? In the
> > > jetspeed.schema file distributed with the source, a jetspeed-role
> > > requires a uid. Is the uid the name of the role? I would be happy
> > > to document this process once I get this all figured out.
> > >
> > > Thanks,
> > > Brice
> > >
> > I haven't tried integrating roles into LDAP.
> > The example we provide only populates the one user, and then allows
> > you to login over LDAP. I'm sure you can populate the roles and
> > groups as well, I've just never tried it. I would follow the same
> > pattern as for users, where the uid is set to the username, do the
> > same for roles.