portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dolf Smits (JIRA)" <jetspeed-...@jakarta.apache.org>
Subject [jira] Commented: (JS2-188) Implement the LDAP
Date Mon, 21 Feb 2005 09:27:50 GMT
     [ http://issues.apache.org/jira/browse/JS2-188?page=comments#action_59493 ]
Dolf Smits commented on JS2-188:

Hi All,

I just started investigating jetSpeed, so I do not have much experience with jetspeed. I do
however have some experience with LDAP, and although i will have a look at the implementations
soon, I already want to make some remarks.

In the sourcecode, i see code to retrieve a user password from ldap, this will nearly always
be forbidden by policies, so you can never rely on this feature, checking a password should
always be done by issuing a bind operation.

Never rely on attributes and or objectclasses in use within LDAP, as most users will want
to connect their portal to an existing enterprise directory, the tree-design and objectclasses
might already have been defined, so they should be configurable in the jetspeed-ldap connection

If you want to use some specific attributes, define an auxilliarry objectclass with the wanted
attributes (preferably special attributes designed for jetspeed and use that in the directory.

in my opinion, all authentication and authorization data should be placed together in one
directory, so you definitly need to define objectclasses and attributes to store this information.
Although i did not have a look at the table definitions, I think that one objectclass to equal
a table definition is a good way of defining the LDAP schema. You must however be carefull
when using references (distinghuised name syntaxes) as these might lead to deadlocks during
the addition of objects.

Hope this helps, i will start reading more on this topic and comment on this as I find something


> Implement the LDAP
> ------------------
>          Key: JS2-188
>          URL: http://issues.apache.org/jira/browse/JS2-188
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Reporter: J, Edgar Zavala
>  Attachments: jetspeed-2-ldap-authentication.tar.gz
> Implement the LDAP integration using the SPI, provide the LDAP authenitcation option.
> 1.- Complete the current implementation and complete the David work in:
>    a) org.apache.jetspeed.security.spi.impl.LdapCredentialHandler
>    b) org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message