portals-jetspeed-dev mailing list archives

From "Aaron Evans" <aaronmev...@gmail.com>
Subject Re: [jira] Commented: (JS2-491) Enhance J2 LDAP Security Documentation
Date Wed, 27 Sep 2006 13:33:50 GMT
David,
I'll test it out against my custom schema in OpenLDAP when I get a
chance.  I'm looking forward to dropping my custom stuff and replacing
with standard jetspeed components. :)

-aaron

On 9/27/06, David Sean Taylor (JIRA) <jetspeed-dev@portals.apache.org> wrote:
>     [ http://issues.apache.org/jira/browse/JS2-491?page=comments#action_12438053 ]
>
> David Sean Taylor commented on JS2-491:
> ---------------------------------------
>
> patch applied
> I'm going to leave this issue open since:
>
> a) it needs testing by others
> b) hoping for some docs ;)
>
> > Enhance J2 LDAP Security Documentation
> > --------------------------------------
> >
> >                 Key: JS2-491
> >                 URL: http://issues.apache.org/jira/browse/JS2-491
> >             Project: Jetspeed 2
> >          Issue Type: Improvement
> >          Components: Security
> >    Affects Versions: 2.1-dev
> >            Reporter: David Le Strat
> >             Fix For: 2.1-dev
> >
> >         Attachments: jetspeed-ldap-final.patch
> >
> >
> > From Davy De Waele email to the list:
> > Judging from the recent activity on the mailing list I noticed some
> > interest in using LDAP & Jetspeed
> > Some thoughts come to mind:
> > 1. The instructions located at
> > http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap.html
> > are really only applicable for people who are building jetspeed
> > from source.
> > Due to the fact that the security-spi-ldap*.xml files shown there are
> > coming from SVN (interface changes, additional objects in the
> > configuration files that are not in the 2.0 binary release), users who
> > have installed jetspeed2 via the installer attempting to follow these
> > instructions will run into configuration issues.
> > What would be the best way to address this?
> > I think we should make a difference between users who are familiar with
> > Maven, SVN, compiling/building/deploying, and users who just want to
> > get the thing up & running using the installer.
> > Shouldn't we put this information into perspective by:
> > a) Clearly indicating that this is only intended for people building
> > from source
> > b) Provide an additional manual on what needs to be done starting from
> > a binary release (2.0 version)
> >
> > The user would have to
> >           * copy the security-spi-ldap*.xml files (we provide
> >             downloadable spring XML files acting as examples)
> >           * remove their default security-spi-atn.xml
> >           * restart tomcat
> >           * prepare their LDAP server
> > As far as LDAP support goes, we should provide instructions on how
> > existing LDAP servers can be used with jetspeed. We can also provide
> > downloadable schema files & LDIF sample data for all major vendors +
> > documentation)
> > I could provide such manuals for OpenLDAP, SunDS and ApacheDS.
> > 2. The major problem that users will be facing today is that encrypted
> > passwords are not supported in the jetspeed2.0 release. Given that this
> > functionality has been committed to the codebase, how do you feel
> > towards providing a downloadable JAR file to users that would act as a
> > replacement for their current jetspeed-security-2.0.jar - doesn't have
> > to be anything official, could be included as a link in the
> > documentation)
> > The user would have to
> >          * replace his jetspeed-security-2.0.jar
> >          * restart tomcat
> > The user would have support for encrypted passwords and group/role
> > membership via LDAP.
> > 3. OpenLDAP schema file
> > I had to add groupOfUniqueNames as a parent to the jetspeed-2-group and
> > jetspeed-2-role objectClasses in order for the group/role assignment to
> > work in OpenLDAP.
> > ApacheDS doesn't really care when objects are created in the LDAP tree
> > containing attributes that aren't defined in the LDAP schema. OpenLDAP
> > does :) I've attached the new jetspeed.schema file.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
