Email validation and default groups

[Peter Neubauer <pe...@jayway.se>]

Hi there,
I am trying to set up ADS with Crowd, SVN and Mailman. I have three
issues I would like to solve:

1. A system for signing up new users against ADS and changing
passwords (I think Crowd is not yet supporting this, and I don't mind
a separate page/application to handle LDAP users and profiles)

2. ADS should only accept valid mail address strings as both username
and email when trying to add a new user

3. A new user should be automatically be added to some default groups

Is that achieveable from within ADS?

Cheers

/peter

Re: Email validation and default groups

[Peter Neubauer <pe...@jayway.se>]

Ok,
let me see if I can get a skeleton up early next week for you to look at.

/peter

On 5/18/07, Alex Karasulu <ak...@apache.org> wrote:
> We could do it at OPS4J however it would be nice to keep the project here
> since it is so closely coupled to ApacheDS.  Is this ok for you?  If you can
>
> submit some patches at first we can apply then to a sandbox area for this
> then I'm sure we could kick off a vote to get you karma to work on this
> stuff
> here.  I know it's not as open as working on stuff over at OPS4J but after
> this
> tiny hurdle we can get moving rapidly.
>
> Alex
>
> On 5/18/07, Peter Neubauer <pe...@jayway.se> wrote:
> >
> > Alex,
> > I am using 1.5, would be great to get inte using triggers for internal
> > stuff and get going on the self service app. that one is necessary
> > even for crowd since using it disables the account sign us and
> > management features of e.g. jira.
> > i imagine a small web app or standalone via osgi with embedde mea
> > server and spring ldap.
> > I think this is a common admin client like ldap studio and should
> > reside here and be very flexible in terms of skimming.
> > i could start something in the ops4j laboratory in order to get going
> > next week?
> > /peter
> >
> > On 5/16/07, Alex Karasulu <ak...@apache.org> wrote:
> > > Hi Peter,
> > >
> > > Do me a favor and just let me know which version of ApacheDS you're
> > using
> > > so I can best help you.  I'll try to answer some of your questions below
> > > presuming
> > > that you're using ApacheDS 1.5.0.
> > >
> > > On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
> > > >
> > > > Hi there,
> > > > I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> > > > issues I would like to solve:
> > >
> > >
> > > Very cool ... btw did you know that Justin Stepka is integrating
> > ApacheDS
> > > with Crowd.  Perhaps some of the work he's doing could be combined with
> > > your needs.
> > >
> > > 1. A system for signing up new users against ADS and changing
> > > > passwords (I think Crowd is not yet supporting this, and I don't mind
> > > > a separate page/application to handle LDAP users and profiles)
> > >
> > >
> > > That's really easy to whip together but one does not exist at this point
> > > in time.  You're talking about a simple self service web application I
> > > think for users to manage their accounts.  If you're interested we could
> > > build something here to do that quickly.  Would you like to work on
> > > something like that with us?  We could have something up and running
> > > within days I think.
> > >
> > > Also we could build something like this into ApacheDS as an optional
> > > service with Jetty so users can use this web app to manage their
> > accounts.
> > > Tim Bennett might also lend a hand so we can do this using Wicket.
> > >
> > > 2. ADS should only accept valid mail address strings as both username
> > > > and email when trying to add a new user
> > >
> > >
> > > That's easily done.   A custom syntax checker can be used
> > > so ADS itself constrains these fields.  And/or we can make the
> > > self service application do this too.
> > >
> > > 3. A new user should be automatically be added to some default groups
> > >
> > >
> > > This can easily be done with ADS Triggers in 1.5.0.  We simply create a
> > > AFTER ADD trigger on user entries and make it cal a Stored Procedures
> > (SP)
> > > which modifies group entries to add an additional member of attribute.
> > >
> > > This can be achieved even without a restart.
> > >
> > > Ersin perhaps you can lend us a hand to do this?
> > >
> > > Is that achieveable from within ADS?
> > >
> > >
> > >
> > > #3 and #2 is achievable out of the box with ADS 1.5.x.  #1 requires a
> > web
> > > application for password self service.
> > >
> > > BTW for #1 it would be nice to have a special attribute for the answer
> > to a
> > > question
> > > that only the user knows, like the name of their pet, to reset their
> > > password etc.
> > >
> > > Regards,
> > > Alex
> > >
> >
>

Re: Email validation and default groups

[Alex Karasulu <ak...@apache.org>]

We could do it at OPS4J however it would be nice to keep the project here
since it is so closely coupled to ApacheDS.  Is this ok for you?  If you can

submit some patches at first we can apply then to a sandbox area for this
then I'm sure we could kick off a vote to get you karma to work on this
stuff
here.  I know it's not as open as working on stuff over at OPS4J but after
this
tiny hurdle we can get moving rapidly.

Alex

On 5/18/07, Peter Neubauer <pe...@jayway.se> wrote:
>
> Alex,
> I am using 1.5, would be great to get inte using triggers for internal
> stuff and get going on the self service app. that one is necessary
> even for crowd since using it disables the account sign us and
> management features of e.g. jira.
> i imagine a small web app or standalone via osgi with embedde mea
> server and spring ldap.
> I think this is a common admin client like ldap studio and should
> reside here and be very flexible in terms of skimming.
> i could start something in the ops4j laboratory in order to get going
> next week?
> /peter
>
> On 5/16/07, Alex Karasulu <ak...@apache.org> wrote:
> > Hi Peter,
> >
> > Do me a favor and just let me know which version of ApacheDS you're
> using
> > so I can best help you.  I'll try to answer some of your questions below
> > presuming
> > that you're using ApacheDS 1.5.0.
> >
> > On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
> > >
> > > Hi there,
> > > I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> > > issues I would like to solve:
> >
> >
> > Very cool ... btw did you know that Justin Stepka is integrating
> ApacheDS
> > with Crowd.  Perhaps some of the work he's doing could be combined with
> > your needs.
> >
> > 1. A system for signing up new users against ADS and changing
> > > passwords (I think Crowd is not yet supporting this, and I don't mind
> > > a separate page/application to handle LDAP users and profiles)
> >
> >
> > That's really easy to whip together but one does not exist at this point
> > in time.  You're talking about a simple self service web application I
> > think for users to manage their accounts.  If you're interested we could
> > build something here to do that quickly.  Would you like to work on
> > something like that with us?  We could have something up and running
> > within days I think.
> >
> > Also we could build something like this into ApacheDS as an optional
> > service with Jetty so users can use this web app to manage their
> accounts.
> > Tim Bennett might also lend a hand so we can do this using Wicket.
> >
> > 2. ADS should only accept valid mail address strings as both username
> > > and email when trying to add a new user
> >
> >
> > That's easily done.   A custom syntax checker can be used
> > so ADS itself constrains these fields.  And/or we can make the
> > self service application do this too.
> >
> > 3. A new user should be automatically be added to some default groups
> >
> >
> > This can easily be done with ADS Triggers in 1.5.0.  We simply create a
> > AFTER ADD trigger on user entries and make it cal a Stored Procedures
> (SP)
> > which modifies group entries to add an additional member of attribute.
> >
> > This can be achieved even without a restart.
> >
> > Ersin perhaps you can lend us a hand to do this?
> >
> > Is that achieveable from within ADS?
> >
> >
> >
> > #3 and #2 is achievable out of the box with ADS 1.5.x.  #1 requires a
> web
> > application for password self service.
> >
> > BTW for #1 it would be nice to have a special attribute for the answer
> to a
> > question
> > that only the user knows, like the name of their pet, to reset their
> > password etc.
> >
> > Regards,
> > Alex
> >
>

Re: Email validation and default groups

[Peter Neubauer <pe...@jayway.se>]

Alex,
I am using 1.5, would be great to get inte using triggers for internal
stuff and get going on the self service app. that one is necessary
even for crowd since using it disables the account sign us and
management features of e.g. jira.
i imagine a small web app or standalone via osgi with embedde mea
server and spring ldap.
 I think this is a common admin client like ldap studio and should
reside here and be very flexible in terms of skimming.
i could start something in the ops4j laboratory in order to get going
next week?
/peter

On 5/16/07, Alex Karasulu <ak...@apache.org> wrote:
> Hi Peter,
>
> Do me a favor and just let me know which version of ApacheDS you're using
> so I can best help you.  I'll try to answer some of your questions below
> presuming
> that you're using ApacheDS 1.5.0.
>
> On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
> >
> > Hi there,
> > I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> > issues I would like to solve:
>
>
> Very cool ... btw did you know that Justin Stepka is integrating ApacheDS
> with Crowd.  Perhaps some of the work he's doing could be combined with
> your needs.
>
> 1. A system for signing up new users against ADS and changing
> > passwords (I think Crowd is not yet supporting this, and I don't mind
> > a separate page/application to handle LDAP users and profiles)
>
>
> That's really easy to whip together but one does not exist at this point
> in time.  You're talking about a simple self service web application I
> think for users to manage their accounts.  If you're interested we could
> build something here to do that quickly.  Would you like to work on
> something like that with us?  We could have something up and running
> within days I think.
>
> Also we could build something like this into ApacheDS as an optional
> service with Jetty so users can use this web app to manage their accounts.
> Tim Bennett might also lend a hand so we can do this using Wicket.
>
> 2. ADS should only accept valid mail address strings as both username
> > and email when trying to add a new user
>
>
> That's easily done.   A custom syntax checker can be used
> so ADS itself constrains these fields.  And/or we can make the
> self service application do this too.
>
> 3. A new user should be automatically be added to some default groups
>
>
> This can easily be done with ADS Triggers in 1.5.0.  We simply create a
> AFTER ADD trigger on user entries and make it cal a Stored Procedures (SP)
> which modifies group entries to add an additional member of attribute.
>
> This can be achieved even without a restart.
>
> Ersin perhaps you can lend us a hand to do this?
>
> Is that achieveable from within ADS?
>
>
>
> #3 and #2 is achievable out of the box with ADS 1.5.x.  #1 requires a web
> application for password self service.
>
> BTW for #1 it would be nice to have a special attribute for the answer to a
> question
> that only the user knows, like the name of their pet, to reset their
> password etc.
>
> Regards,
> Alex
>

Re: Email validation and default groups

[Ersin Er <er...@gmail.com>]

Hi,

You may want to have a look at the
testAfterAddSubscribeUserToSomeGroups() test here:

http://svn.apache.org/viewvc/directory/apacheds/trunk/server-unit/src/test/java/org/apache/directory/server/DefaultServerTriggerServiceTest.java?view=markup

HTH,

On 5/18/07, Ersin Er <er...@gmail.com> wrote:
> On 5/16/07, Alex Karasulu <ak...@apache.org> wrote:
> > Hi Peter,
> >
> > Do me a favor and just let me know which version of ApacheDS you're using
> > so I can best help you.  I'll try to answer some of your questions below
> > presuming
> > that you're using ApacheDS 1.5.0.
> >
> > On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
> > >
> > > Hi there,
> > > I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> > > issues I would like to solve:
> >
> >
> > Very cool ... btw did you know that Justin Stepka is integrating ApacheDS
> > with Crowd.  Perhaps some of the work he's doing could be combined with
> > your needs.
> >
> > 1. A system for signing up new users against ADS and changing
> > > passwords (I think Crowd is not yet supporting this, and I don't mind
> > > a separate page/application to handle LDAP users and profiles)
> >
> >
> > That's really easy to whip together but one does not exist at this point
> > in time.  You're talking about a simple self service web application I
> > think for users to manage their accounts.  If you're interested we could
> > build something here to do that quickly.  Would you like to work on
> > something like that with us?  We could have something up and running
> > within days I think.
> >
> > Also we could build something like this into ApacheDS as an optional
> > service with Jetty so users can use this web app to manage their accounts.
> > Tim Bennett might also lend a hand so we can do this using Wicket.
> >
> > 2. ADS should only accept valid mail address strings as both username
> > > and email when trying to add a new user
> >
> >
> > That's easily done.   A custom syntax checker can be used
> > so ADS itself constrains these fields.  And/or we can make the
> > self service application do this too.
> >
> > 3. A new user should be automatically be added to some default groups
> >
> >
> > This can easily be done with ADS Triggers in 1.5.0.  We simply create a
> > AFTER ADD trigger on user entries and make it cal a Stored Procedures (SP)
> > which modifies group entries to add an additional member of attribute.
> >
> > This can be achieved even without a restart.
> >
> > Ersin perhaps you can lend us a hand to do this?
>
> Yes, of course.
>
> If it's possible let's see some code or document that can help us
> better understand what needs to be done and then I can easily complete
> the trigger plumbing to achieve the result. Although we would like
> users themselves be able to use triggers with the tools we will
> hopefully develop, it may be good to do a demonstration with a real
> world case.
>
> > Is that achieveable from within ADS?
> >
> >
> >
> > #3 and #2 is achievable out of the box with ADS 1.5.x.  #1 requires a web
> > application for password self service.
> >
> > BTW for #1 it would be nice to have a special attribute for the answer to a
> > question
> > that only the user knows, like the name of their pet, to reset their
> > password etc.
> >
> > Regards,
> > Alex
> >
>
>
> --
> Ersin
>


-- 
Ersin

Re: Email validation and default groups

[Ersin Er <er...@gmail.com>]

On 5/16/07, Alex Karasulu <ak...@apache.org> wrote:
> Hi Peter,
>
> Do me a favor and just let me know which version of ApacheDS you're using
> so I can best help you.  I'll try to answer some of your questions below
> presuming
> that you're using ApacheDS 1.5.0.
>
> On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
> >
> > Hi there,
> > I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> > issues I would like to solve:
>
>
> Very cool ... btw did you know that Justin Stepka is integrating ApacheDS
> with Crowd.  Perhaps some of the work he's doing could be combined with
> your needs.
>
> 1. A system for signing up new users against ADS and changing
> > passwords (I think Crowd is not yet supporting this, and I don't mind
> > a separate page/application to handle LDAP users and profiles)
>
>
> That's really easy to whip together but one does not exist at this point
> in time.  You're talking about a simple self service web application I
> think for users to manage their accounts.  If you're interested we could
> build something here to do that quickly.  Would you like to work on
> something like that with us?  We could have something up and running
> within days I think.
>
> Also we could build something like this into ApacheDS as an optional
> service with Jetty so users can use this web app to manage their accounts.
> Tim Bennett might also lend a hand so we can do this using Wicket.
>
> 2. ADS should only accept valid mail address strings as both username
> > and email when trying to add a new user
>
>
> That's easily done.   A custom syntax checker can be used
> so ADS itself constrains these fields.  And/or we can make the
> self service application do this too.
>
> 3. A new user should be automatically be added to some default groups
>
>
> This can easily be done with ADS Triggers in 1.5.0.  We simply create a
> AFTER ADD trigger on user entries and make it cal a Stored Procedures (SP)
> which modifies group entries to add an additional member of attribute.
>
> This can be achieved even without a restart.
>
> Ersin perhaps you can lend us a hand to do this?

Yes, of course.

If it's possible let's see some code or document that can help us
better understand what needs to be done and then I can easily complete
the trigger plumbing to achieve the result. Although we would like
users themselves be able to use triggers with the tools we will
hopefully develop, it may be good to do a demonstration with a real
world case.

> Is that achieveable from within ADS?
>
>
>
> #3 and #2 is achievable out of the box with ADS 1.5.x.  #1 requires a web
> application for password self service.
>
> BTW for #1 it would be nice to have a special attribute for the answer to a
> question
> that only the user knows, like the name of their pet, to reset their
> password etc.
>
> Regards,
> Alex
>


-- 
Ersin

Re: Email validation and default groups

[Alex Karasulu <ak...@apache.org>]

Hi Peter,

Do me a favor and just let me know which version of ApacheDS you're using
so I can best help you.  I'll try to answer some of your questions below
presuming
that you're using ApacheDS 1.5.0.

On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
>
> Hi there,
> I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> issues I would like to solve:


Very cool ... btw did you know that Justin Stepka is integrating ApacheDS
with Crowd.  Perhaps some of the work he's doing could be combined with
your needs.

1. A system for signing up new users against ADS and changing
> passwords (I think Crowd is not yet supporting this, and I don't mind
> a separate page/application to handle LDAP users and profiles)


That's really easy to whip together but one does not exist at this point
in time.  You're talking about a simple self service web application I
think for users to manage their accounts.  If you're interested we could
build something here to do that quickly.  Would you like to work on
something like that with us?  We could have something up and running
within days I think.

Also we could build something like this into ApacheDS as an optional
service with Jetty so users can use this web app to manage their accounts.
Tim Bennett might also lend a hand so we can do this using Wicket.

2. ADS should only accept valid mail address strings as both username
> and email when trying to add a new user


That's easily done.   A custom syntax checker can be used
so ADS itself constrains these fields.  And/or we can make the
self service application do this too.

3. A new user should be automatically be added to some default groups


This can easily be done with ADS Triggers in 1.5.0.  We simply create a
AFTER ADD trigger on user entries and make it cal a Stored Procedures (SP)
which modifies group entries to add an additional member of attribute.

This can be achieved even without a restart.

Ersin perhaps you can lend us a hand to do this?

Is that achieveable from within ADS?



#3 and #2 is achievable out of the box with ADS 1.5.x.  #1 requires a web
application for password self service.

BTW for #1 it would be nice to have a special attribute for the answer to a
question
that only the user knows, like the name of their pet, to reset their
password etc.

Regards,
Alex

Re: Email validation and default groups

[Chris Custine <ch...@gmail.com>]

Hi Peter..

On 5/16/07, Peter Neubauer <pe...@jayway.se> wrote:
>
> Hi there,
> I am trying to set up ADS with Crowd, SVN and Mailman. I have three
> issues I would like to solve:
>
> 1. A system for signing up new users against ADS and changing
> passwords (I think Crowd is not yet supporting this, and I don't mind
> a separate page/application to handle LDAP users and profiles)


You would definitely have to provide the front end part on your own at the
moment.

2. ADS should only accept valid mail address strings as both username
> and email when trying to add a new user


So IIUC, you want to accept only valid email address format for uid and mail
attributes, and maybe just collect the mail address and use it for uid by
default?  In any case, the standard inetorgperson schema mail and uid
attributes are strings so the format could be any valid string.  You could
implement either an interceptor or a trigger (new in 1.5) directly in ADS,
but my thinking is that if you are already building the front end for self
registration and maintenance, it might be a lot easier to just check the
syntax and validation rules there.

3. A new user should be automatically be added to some default groups


This type of action is definitely what triggers are going to be used for,
but 1.5 is just the first implementation and we don't have the tooling yet
to make this easy to implement and maintain. As with the answer for #2, it
is probably easier to do this from the front end at the moment and
automatically add the newly created entry to the default groups right after
it is created.

Like I said, you can definitely do these things from within ADS and if thats
the route you want to take we can help you do it if you are willing to spend
a little extra effort on it.  These tasks will be much easier to implement
in ADS in upcoming releases with some additional tooling and additional
trigger options.

Is that achieveable from within ADS?
>
> Cheers
>
> /peter
>