portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davy De Waele" <sebu...@pandora.be>
Subject RE: [jira] Updated: (JS2-491) Enhance J2 LDAP Security Documentation
Date Sun, 12 Nov 2006 23:32:08 GMT
Aaron,

The LDAP stuff will continue to work provided the latest patch is used
(JS2-491).

The latest patch contains

JDK1.4 compliancy
Enhancements/Bugfixes
Sample LDIFs + Jetspeed configurations for
openldap,sunds,domino,apacheds

I have all of those LDAP servers running here and Jetspeed2 is able to
connect to them using different schemas.

The thing is that most people currently use the jetspeed2 website to
configure their Jetspeed LDAP setup. That stuff is outdated compared to
the stuff that's currently in HEAD.

I've provided some updated documentation on the JIRA issue + a patch.

I would like to see some other people testing the patch. That would
definitely generate some feedback. 
It's just a matter of minutes to setup jetspeed2 with openldap or
apacheds.

I think the changes to the LDAP connectivity are substantial, and have a
great added value for Jetpeed2.

If anyone needs some help in connecting their LDAP server to Jetspeed
let me know.

Greetings,

Davy

-----Oorspronkelijk bericht-----
Van: Aaron Evans [mailto:aaronmevans@gmail.com] 
Verzonden: zondag 12 november 2006 17:24
Aan: Jetspeed Developers List
Onderwerp: Re: [jira] Updated: (JS2-491) Enhance J2 LDAP Security
Documentation

Guys,
will Davy's LDAP stuff still work?  I thought maybe it was broken
since there were Java 1.5 specific things in it and Ate had to comment
them out when he applied a patch for JS2-491.

Or are these things completely unrelated?

See svn commit: r454376 (search the archives for r454376):

>JS2-491 patch breaks Jetspeed trunk as it cannot compile/run anymore
on Java 1.4.
>Fixing Java 5 dependencies by (temporarily) commenting out the related
code.
>THIS BREAKS THE CURRENT LDAP support!!!

-aaron

On 11/11/06, Davy De Waele (JIRA) <jetspeed-dev@portals.apache.org>
wrote:
>      [ http://issues.apache.org/jira/browse/JS2-491?page=all ]
>
> Davy De Waele updated JS2-491:
> ------------------------------
>
>     Attachment: jetspeed LDAP.doc
>
> I've also written up some documentation describing the new LDAP
configuration, and the properties in security-spi-ldap.xml.
>
> Sorry for the MS Word format... Efforts are on the way to convert it
into xdoc format
>
> If you have any problems or questions, don't hesitate to contact me.
>
> > Enhance J2 LDAP Security Documentation
> > --------------------------------------
> >
> >                 Key: JS2-491
> >                 URL: http://issues.apache.org/jira/browse/JS2-491
> >             Project: Jetspeed 2
> >          Issue Type: Improvement
> >          Components: Security
> >    Affects Versions: 2.1-dev
> >            Reporter: David Le Strat
> >             Fix For: 2.1-dev
> >
> >         Attachments: jetspeed LDAP.doc, jetspeed-ldap-final.patch,
jetspeed2-ldap-11102006.patch, ldap_patch_with_jdk_fix.patch
> >
> >
> > From Davy De Waele email to the list:
> > Judging from the recent activity on the mailing list I noticed some
> > interest in using LDAP & Jetspeed
> > Some thoughts come to mind:
> > 1. The instructions located at
> >
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap
> > .html are really only applicable for people who are building
jetspeed
> > from source.
> > Due to the fact that the security-spi-ldap*.xml files shown there
are
> > coming from SVN (interface changes, additional objects in the
> > configuration files that are not in the 2.0 binary release), users
who
> > have installed jetspeed2 via the installer attempting to follow
these
> > instructions will run into configuration issues.
> > What would be the best way to address this?
> > I think we should make a difference between users who are familiar
with
> > Maven, SVN, compiling/building/deploying, and users who just want to
> > get
> > the thing up & running using the installer.
> > Shouldn't we put this information into perspective by:
> > a) Clearly indicating that this is only intended for people building
> > from source
> > b) Provide an additional manual on what needs to be done starting
from
> > a
> > binary release (2.0 version)
> >
> > The user would have to
> >           * copy the security-spi-ldap*.xml files (we provide
> > downloadable spring XML files acting as examples)
> >           * remove their default security-spi-atn.xml
> >           * restart tomcat
> >           * preparing their LDAP server
> > As far as LDAP support goes, we should provide instructions on how
> > existing LDAP servers can be used with jetspeed. We can also provide
> > downloadable schema files & LDIF sample data for all major vendors +
> > documentation)
> > I could provide such manuals for OpenLDAP,SunDS and ApacheDS.
> > 2. The major problem that users will be facing today is that
encrypted
> > passwords are not supported in the jetspeed2.0 release. Given that
this
> > functionality has been committed to the codebase, how do you feel
> > towards providing a downloadable JAR file to users that would act as
a
> > replacement for their current jetspeed-security-2.0.jar - doesn't
have
> > to be anything official, could be included as a link in the
> > documentation)
> > The user would have to
> >          * replace his jetspeed-security-2.0.jar
> >          * restart tomcat
> > The user would have support for encrypted passwords and group/role
> > membership via LDAP.
> > 3. OpenLDAP schema file
> > I had to add groupOfUniqueNames as a parent to the jetspeed-2-group
and
> > jetspeed-2-role objectClasses in order for the group/role assignment
to
> > work in OpenLDAP.
> > ApacheDS doesn't really care when objects are created in the LDAP
tree
> > containing attributes that aren't defined in the LDAP schema.
OpenLDAP
> > does :) I've attached the new jetspeed.schema file.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the
administrators: http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
http://www.atlassian.com/software/jira
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message