portals-jetspeed-dev mailing list archives

From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Resolved: (JS2-1143) New LDAP UserPasswordCredentialManager providing LDAP authentication, maintenance of LDAP credentials and UserPasswordCredentialPolicyManager support
Date Tue, 23 Mar 2010 15:13:27 GMT

     [ https://issues.apache.org/jira/browse/JS2-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma resolved JS2-1143.
----------------------------

    Resolution: Fixed

Implemented

> New LDAP UserPasswordCredentialManager providing LDAP authentication, maintenance of LDAP credentials and UserPasswordCredentialPolicyManager support
> -----------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JS2-1143
>                 URL: https://issues.apache.org/jira/browse/JS2-1143
>             Project: Jetspeed 2
>          Issue Type: New Feature
>          Components: LDAP, Security
>    Affects Versions: 2.2.0
>            Reporter: Ate Douma
>            Assignee: Ate Douma
>             Fix For: 2.2.1
>
>
> The new LdapUserPasswordCredentialManager can be used as a replacement of the standard (db only) UserPasswordCredentialManager and automatically handle LDAP based authentication.
> When using this LdapUserPasswordCredentialManager the LdapAuthenticationProvider does not need to be configured (still remains useful with readonly LDAP configurations).
> Also the PasswordCredentials maintenance is handled as a wrapped/layered solution on top of the standard database, supporting creation/updating of LDAP passwords as well as simultaneously tracking them in the database as well.
> For the LDAP password encoding a new LdapCredentialPasswordEncoder is provided which supports (Unix) CRYPT, SHA, SSHA, MD5 and SMD5 hashing.
> This LDAP password encoder can also be used for the database persistent storage, or an alternative encoder can be configured.
> The encoding algorithms have been borrowed and adapted from the Apache Directory Studio project.
> As the LdapUserPasswordCredentialManager fully supports the UserPasswordCredentialPolicyManager (with regards to the *database* representation of the PasswordCredential), all features like credential pre/post processing, (custom) password validation interceptors, etc. can be leveraged for LDAP too.
> Also, changing a password can be configured to be executed through the administrative LDAP account (default) or only by the current user itself. The latter is useful for LDAP environments which enforce this as a requirement.
> Note: this implementation does *not* support Active Directory which requires special (additional) handling, but the needed "hooks" are already provided to support extending this implementation for that purpose.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org