Posted to jetspeed-dev@portals.apache.org by Davy De Waele <se...@pandora.be> on 2006/01/04 23:14:59 UTC

Jetspeed LDAP connectivity

Hi,

After having a look at the LDAP Configuration section on the apache
website, I decided to connect my Sun Directory Server to my Jetspeed2
installation.

After fiddling around with the LDAP schema, Jetspeed source code &
Spring configuration, I managed to get certain things up & running.

My general question, besides the one below, is if there is some kind of
roadmap or planning when it comes to extending the LDAP support in the
Jetspeed security module?


SecurityHandlers
----------------
When I downloaded the jetspeed distribution, the authorization config
(security-spi-atz.xml) didn't use any LDAP specific SecurityHandlers.
(The codebase does contain handlers for credentials, groups and users,
but apparently lacks support for roles).

Is it correct that there is a dependency between the SecurityHandlers
and the SecurityMapper ? I had the impression that during the creation
of the groups, everything was stored correctly in LDAP, but when it came
to assigning those groups to users, Jetspeed expected to find the groups
in the database, and didn't bother to check the LDAP.


SecurityMappers
---------------
So after replacing the default handlers with LDAP specific handlers, I
tried using the LdapSecurityMapper instead of the DefaultSecurityMapper.

A few hiccups aside, everything seemed to be working pretty well. I was
able to store users/groups in LDAP, and even managed to get the group
assignment working through the LdapSecurityMapper.
However, the fact that the role part was unimplemented rendered this
solution unusable for now.


Encrypted passwords in LDAP
---------------------------
The Sun Directory Server stores encrypted passwords. Jetspeed doesn't
have any means to decrypt them, so the only way to authenticate a user
is to use the encrypted password string from LDAP, and use that to
perform a login.
What are the plans to handle this?


Using uniqueMember or memberOf attributes
-----------------------------------------
Assigning users to groups/roles apparently depends on the
j2-group/j2-role multi-value attributes that are stored on the user
level. Are there any plans to support uniqueMember, or memberOf
attributes? This would facilitate the integration of existing corporate
LDAP trees with Jetspeed.


To conclude this, I would just like to say that the first time I ever
encountered Jetspeed was about 4 years ago when we evaluated it for a
portal based solution. Unfortunately, the project at the time wasn't
nearly as mature as it is now, and it also suffered tremendous
performance issues. It's great to see how the project has evolved! Keep
up the good work!

Greetings,

Davy





