Posted to slide-user@jakarta.apache.org by Jim Alateras <ji...@intalio.com> on 2002/08/17 04:30:56 UTC

Authorization through LDAP

We are trying to integrate Slide with LDAP and have so far managed to get
the authentication working through LDAP but we still need to work on
authorization. I have the following questions:

1. The documentation indicates that we can federate our repository across a
number of different stores. Has anyone tried this?

2. If 1 works, is it possible to split the /users section into an LDAP store
and keep the rest in a JDBC store? I am assuming that an LDAP store does not
currently exist and I would have to create one? I am also assuming that I
would need to store serialized Java objects (SubjectNodes) in LDAP, is this
correct?

3. If the /users are stored in LDAP, could I have actions and permissions
still stored in the JDBC store?

4. If I develop an LDAPStore do I need to modify anything else to get LDAP
authorization going?


cheers
</jima>




RE: Authorization through LDAP

Posted by Tom Wang <to...@panscopic.com>.
Jim,

It took us about a month of work (1 engineer), including design/coding and
some testing.  But we had to develop a generic authentication framework
(using JAAS) since our product also had to support schemes other than LDAP
(such as database).  So it'll be less if you just need LDAP.

Tom Wang
Panscopic Corporation
Web Reporting, Just Add Data
http://www.panscopic.com/


> -----Original Message-----
> From: Jim Alateras [mailto:jima@intalio.com]
> Sent: Sunday, August 25, 2002 1:58 PM
> To: Slide Users Mailing List; tomw@panscopic.com
> Subject: RE: Authorization through LDAP
>
>
> Tom,
>
> How long did it take?
>
> cheers
> </jima>


RE: Authorization through LDAP

Posted by Jim Alateras <ji...@intalio.com>.
Tom,

How long did it take?

cheers
</jima>

> -----Original Message-----
> From: Tom Wang [mailto:tomw@panscopic.com]
> Sent: Thursday, August 22, 2002 9:47 AM
> To: Slide Users Mailing List; jima@intalio.com
> Subject: RE: Authorization through LDAP
>
>
> Jim,
>
> We did it in our web reporting product.  We tested against Sun's iPlanet
> LDAP server.  We had to modify Slide's source code for performance reasons.
> Also, we didn't use Slide's user/group idea (they're flexible but we wanted
> something simpler).  Instead we wrote our own user and ACL objects.  Our
> server authenticates users against the LDAP server and then creates a "User"
> object, which is then wrapped into Slide's CredentialsToken object.  We also
> had to modify the security helpers to make it work.  But overall Slide has
> made huge contributions to our project (my hat off to all developers!) and
> the integration with LDAP was fairly reasonable to deal with.
>
> Hope this helps.
>
> Tom Wang
> Panscopic Corporation
> Web Reporting, Just Add Data
> http://www.panscopic.com/


RE: Authorization through LDAP

Posted by Tom Wang <to...@panscopic.com>.
Jim,

We did it in our web reporting product.  We tested against Sun's iPlanet
LDAP server.  We had to modify Slide's source code for performance reasons.
Also, we didn't use Slide's user/group idea (they're flexible but we wanted
something simpler).  Instead we wrote our own user and ACL objects.  Our
server authenticates users against the LDAP server and then creates a "User"
object, which is then wrapped into Slide's CredentialsToken object.  We also
had to modify the security helpers to make it work.  But overall Slide has
made huge contributions to our project (my hat off to all developers!) and
the integration with LDAP was fairly reasonable to deal with.

Hope this helps.

Tom Wang
Panscopic Corporation
Web Reporting, Just Add Data
http://www.panscopic.com/


> -----Original Message-----
> From: Jim Alateras [mailto:jima@intalio.com]
> Sent: Friday, August 16, 2002 7:31 PM
> To: Slide Users Mailing List
> Subject: Authorization through LDAP
>
>
> We are trying to integrate Slide with LDAP and have so far managed to get
> the authentication working through LDAP but we still need to work on
> authorization. I have the following questions:
>
> 1. The documentation indicates that we can federate our repository across a
> number of different stores. Has anyone tried this?
>
> 2. If 1 works, is it possible to split the /users section into an LDAP store
> and keep the rest in a JDBC store? I am assuming that an LDAP store does not
> currently exist and I would have to create one? I am also assuming that I
> would need to store serialized Java objects (SubjectNodes) in LDAP, is this
> correct?
>
> 3. If the /users are stored in LDAP, could I have actions and permissions
> still stored in the JDBC store?
>
> 4. If I develop an LDAPStore do I need to modify anything else to get LDAP
> authorization going?
>
>
> cheers
> </jima>
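
The flow described in the reply above (authenticate the user against the LDAP server, then create a "User" object), as an added example that is not part of the original thread and is not Panscopic's or Slide's code. The class name, the `User` stand-in, the server URL and the base DN are assumptions; wrapping the result into Slide's CredentialsToken is left as a comment so the block compiles without Slide.

```java
import java.security.Principal;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindAuthenticator {
    /** Hypothetical stand-in for the "User" object mentioned in the reply. */
    public static final class User implements Principal {
        private final String name;
        User(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    private final String ldapUrl;   // assumed, e.g. "ldaps://ldap.example.com:636"
    private final String userBase;  // assumed, e.g. "ou=People,dc=example,dc=com"

    public LdapBindAuthenticator(String ldapUrl, String userBase) {
        this.ldapUrl = ldapUrl;
        this.userBase = userBase;
    }

    /** Builds the bind DN; Rdn.escapeValue escapes DN metacharacters in the login name. */
    static String userDn(String uid, String userBase) {
        return "uid=" + Rdn.escapeValue(uid) + "," + userBase;
    }

    /** Returns a User after a successful simple bind, or null if the credentials are rejected. */
    public User authenticate(String uid, char[] password) throws NamingException {
        // A simple bind with a DN and an empty password is an unauthenticated bind
        // that some servers accept, so it must never count as a successful login.
        if (uid == null || uid.isEmpty() || password == null || password.length == 0) {
            return null;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(uid, userBase));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind happens when the context is created
            return new User(uid); // the reply then wraps this object in Slide's CredentialsToken
        } catch (AuthenticationException e) {
            return null; // wrong password or unknown user
        }
    }
}
```

Other NamingException subtypes (server unreachable, TLS failure) propagate to the caller, so an outage is not mistaken for a bad password.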