portals-jetspeed-dev mailing list archives

From dlest...@apache.org
Subject svn commit: r331084 - in /portals/jetspeed-2/trunk/components/security/xdocs: images/j2-admin-user-mgt.gif images/ldap-client-connection.gif ldap.xml
Date Sun, 06 Nov 2005 06:07:55 GMT
Author: dlestrat
Date: Sat Nov  5 22:07:51 2005
New Revision: 331084

URL: http://svn.apache.org/viewcvs?rev=331084&view=rev
Log:
http://issues.apache.org/jira/browse/JS2-188#action_12356329

Documentation on how to configure and use Jetspeed 2 with LDAP as an authentication provider.

Added:
    portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif   (with props)
    portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif   (with props)
Modified:
    portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml

Added: portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif?rev=331084&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif?rev=331084&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml?rev=331084&r1=331083&r2=331084&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml (original)
+++ portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml Sat Nov  5 22:07:51 2005
@@ -26,90 +26,138 @@
 
         <section name="LDAP Configuration">
             <p>
-                Jetspeed 2 provides LDAP support for authentication. Configuring LDAP authentication
can be done by replacing the configuration files located
-                under
-                <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i>
-                by the files located under as indicated
-                <i>${jetspeed-source-home}/components/security/etc/</i>
-                . below.
-            </p>
-            <p>
                 Jetspeed 2 provides an embedded LDAP configuration through the <a
                 href="http://directory.apache.org/subprojects/apacheds/index.html">Apache
Directory Server</a>
                 . A external LDAP directory can also be onfigured in order to leverage the
LDAP security functionality.
             </p>
+            <subsection name="Configuring Jetspeed 2 to Use LDAP">
+            <p>
+            The following two files provide assembly configuration for authenticating with
LDAP:
+            <ul>
+                <li><i><a 
+                href="http://svn.apache.org/viewcvs.cgi/portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml?view=markup">security-spi-ldap.xml</a>:</i>
Provides
+                the configuration information for LDAP binding.  See configuration details
below.</li>
+                <li><i><a 
+                href="http://svn.apache.org/viewcvs.cgi/portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap-atn.xml?view=markup">security-spi-ldap-atn.xml</a>:</i>
Provides
+                the SPI configuration for authentication.  It replaces the default implementations
of <i>CredentialHandler</i> and <i>UserSecurityHandler</i> 
+                with an LDAP specific implementation.</li>
+            </ul>
+            </p>
+            <p>
+            In order to configure Jetspeed 2 to use LDAP, add <i>security-spi-ldap.xml</i>
and <i>security-spi-ldap-atn.xml</i> to the Jetspeed 2 application
+            assembly directory and remove the default authentication SPI file <i>security-spi-atn.xml</i>.
+            In the source, this directory is located at:
+            <pre>${jetspeed-source-home}/src/webapp/WEB-INF/assembly/</pre>
+            If your application is deployed in Tomcat, this directory is located at:
+            <pre>${tomcat-home}/webapps/jetspeed/WEB-INF/assembly</pre> 
+            </p>
+            <p>
+            The <i>security-spi-ldap.xml</i> configuration file requires the
following values to be set:
+            </p>
+            <table>
+                <tr>
+                    <th>Property</th>
+                    <th>Value</th>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.initialContextFactory</td>
+                    <td>
+                    The initial context factory used for binding to LDAP.  The LDAP assembly
is configured
+                    by default with the Sun LDAP context factory: <i>com.sun.jndi.ldap.LdapCtxFactory</i>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.ldapServerName</td>
+                    <td>
+                    The location of the LDAP server to connect to.  By default the LDAP assembly
uses
+                    <i>localhost</i>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.ldapServerPort</td>
+                    <td>
+                    The port of the LDAP server to connect to.  By default the LDAP assembly
uses
+                    Apache Directory Server default port <i>10389</i>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.rootDn</td>
+                    <td>
+                    The user distinguished name used by the application to connect to the
LDAP server.
+                    By default the LDAP assembly uses Apache Directory Server system admin
user <i>uid=admin,ou=system</i>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.rootPassword</td>
+                    <td>
+                    The password used by the application to connect to the LDAP server.
+                    By default the LDAP assembly uses Apache Directory Server system admin
password <i>secret</i>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.rootContext</td>
+                    <td>
+                    The root context for the LDAP directory set up.  By default, Jetspeed
2 uses the same root context
+                    as the root context provided in the <a href="http://docs.safehaus.org/display/APACHEDS/The+Apache+Directory+Tutorial">Apache
Directory Server tutorial</a>:
+                    <i>o=sevenSeas</i>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.defaultDnSuffix</td>
+                    <td>
+                    Provides the ability to add a suffix to the principal.  This is empty
by default.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.ou.users</td>
+                    <td>
+                    The default organizational unit for users.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.ldap.ou.groups</td>
+                    <td>
+                    The default organizational unit for groups.
+                    </td>
+                </tr>
+            </table>
+            </subsection>
+            <subsection name="Starting LDAP">
+            <p>
+            Jetspeed 2 maven plugin provides a easy way to get started with Apache Directory
Server. To start the LDAP
+            server run:
+            <pre>maven j2:start.ldap.server</pre>
+            See <a href="/j2-maven-plugin.html#LDAP_Management_Goals">the J2 maven
plugin documentation</a> for more information.
+            </p>
+            </subsection>
+            <subsection name="Connecting to LDAP">
             <p>
-                <i>security-spi-atn.xml</i>
-                should be replaced by
-                <i>security-spi-ldap-atn.xml</i>
-                and
-                <i>security-spi-ldap.xml</i>
-                should be copied to the assembly directory as well.
-            </p>
-            <p>
-                The
-                <i>security-spi-ldap-atn.xml</i>
-                peeforms the same functions as the
-                <i>security-spi-atn.xml</i>
-                described above. It replaces the default implementation for
-                <i>CredentialHandler</i>
-                and
-                <i>UserSecurityHandler</i>
-                with an LDAP specific implementation.
-            </p>
-            <p>
-            <u>The sections below are outdated.  Update to come soon...</u>
-            </p>
-            <p>
-                Additionally,
-                <i>ldap.properties</i>
-                located under
-                <i>${jetspeed-source-home}/components/security/etc/</i>
-                should be copied under
-                <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/conf/</i>
-                .
-            </p>
-            <subsection name="ldap.properties">
-                <table>
-                    <tr>
-                        <th>Property</th>
-                        <th>Value</th>
-                    </tr>
-                    <tr>
-                        <td>org.apache.jetspeed.ldap.ldapServerName</td>
-                        <td>
-                            The LDAP server name to connect to. E.g.
-                            <i>localhost</i>
-                        </td>
-                    </tr>
-                    <tr>
-                        <td>org.apache.jetspeed.ldap.rootDn</td>
-                        <td>
-                            The root domain name. E.g.
-                            <i>cn=Manager,dc=proto,dc=dataline,dc=com</i>
-                            . In properties files the "=" in the value should be escaped,
i.e.
-                            <i>cn\=Manager,dc\=proto,dc\=dataline,dc\=com</i>
-                        </td>
-                    </tr>
-                    <tr>
-                        <td>org.apache.jetspeed.ldap.rootPassword</td>
-                        <td>The root password.</td>
-                    </tr>
-                    <tr>
-                        <td>org.apache.jetspeed.ldap.rootContext</td>
-                        <td>
-                            The root context. E.g.
-                            <i>dc=proto,dc=dataline,dc=com</i>
-                        </td>
-                    </tr>
-                    <tr>
-                        <td>org.apache.jetspeed.ldap.defaultDnSuffix</td>
-                        <td>
-                            The default suffix. E.g.
-                            <i>ou=Norfolk,o=Dataline</i>
-                        </td>
-                    </tr>
-                </table>
+            Many client are available for connecting to LDAP.  The Apache Directory Server
provides 
+            <a href="http://docs.safehaus.org/display/APACHEDS/Connecting+to+Apache+Directory+Server">a
nice tutorial</a> on how
+            to connect to Apache DS with different clients.
+            </p>
+            <p>
+            If you decide to use <a href="http://www.jxplorer.org/">JXplorer</a>,
your client connection window should look
+            as follow:<br/>
+            <div align="center"><img src="images/ldap-client-connection.gif" border="0"/></div>
+            </p>
+            </subsection>
+            <subsection name="Loading Test User Accounts">
+            <p>
+            Jetspeed 2 provides 
+            <a href="http://svn.apache.org/viewcvs.cgi/portals/jetspeed-2/trunk/etc/apacheds/j2-apacheds.ldif?view=markup">a
sample ldiff file</a> 
+            for loading user test data. Import the ldif into your LDAP.  In JXplorer, users
can select <i>LDIF -> Import File</i> and choose the
+            file to import. 
+            </p>
+            <p>
+            Once the data is imported and all above steps have been performed, start or restart
your application server.
+            You can now login to Jetspeed with the accounts available in LDAP. For instance
<i>admin/admin</i>.
+            </p>
+            <p>
+            The LDAP configuration also fully integrates with Jetspeed <i>UserManager</i>,
and therefore admin functionality
+            such as the user management section, retrieve user from LDAP as well as shown
below:<br/>
+            <div align="center"><img src="images/j2-admin-user-mgt.gif" border="0"/></div>
+            </p>
             </subsection>
         </section>
     </body>
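
Review bot: The rootDn and rootPassword rows publish the Apache Directory Server system admin defaults (uid=admin,ou=system with password secret) as the application's bind identity, and the "Loading Test User Accounts" subsection ends by telling readers to log in as admin/admin, yet nothing in the added text says these values are for a local test setup. Suggest adding a sentence in both places stating that the defaults must be changed before the portal is exposed, and that rootDn should point at a dedicated account with only the directory rights Jetspeed needs rather than the directory's system admin. The table also covers only ldapServerName and ldapServerPort for the connection, so it would help to say whether the bind can be protected in transit. Smaller points: the assembly path changes from ${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/ in the removed text to ${jetspeed-source-home}/src/webapp/WEB-INF/assembly/, which should be confirmed as intentional; the ou.users and ou.groups rows give no default value although every other row does; the added text has typos ("a easy way", "Many client are", "as follow", "ldiff file") and the unchanged context line still reads "A external LDAP directory can also be onfigured"; and the ul, pre and div elements sit inside p elements, which may not render as intended.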


