Posted to jetspeed-user@portals.apache.org by Matt MacDonald <ma...@mitre.org> on 2003/05/21 15:38:44 UTC

Using existing LDAP schema for authentication and roles and groups

Hi I am new to Jetspeed and Turbine but quite familiar with portal 
applications as I have been actively developing a portal solution on Sun 
One Portal 6.0 which supports 5000 users on a corporate intranet. I 
decided to take a look at Jetspeed to compare the capabilities of the 
two platforms. So far I like what Jetspeed provides WRT developing and 
deploying a portlet and it seems much easier than to do so within the 
Sun framework. I was hoping to have a few questions answered or at least 
be guided in the right direction to learn more about these topics.

Authentication:
Reading through the documentation and mailing list postings about the 
LDAP authentication topic it seems that there is very little mentioned 
about how to authenticate a user against an existing LDAP schema. We 
have an existing LDAP schema that is maintained by another group and the 
schema is fixed. I would like to configure the Jetspeed/Turbine 
authentication mechanism to use our existing LDAP directory to validate 
username and password pairs and construct a JetspeedUser based upon 
existing LDAP attributes. My access to this LDAP server is read only. 
Could someone please provide me with detailed instructions or point me 
in the right direction?

Roles and Groups
Our existing LDAP schema contains information about roles and 
organizations (groups) - Is it possible to bind these existing 
attributes to the Jetspeed Role and Group concept?

The authentication area is the one thing really holding me back from 
pushing the use of Jetspeed as the implementation contains most 
everything that we would want to use.

-thanks
-matt



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org


Re: Using existing LDAP schema for authentication and roles and groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
On Wednesday, May 21, 2003, at 01:08  PM, Matt MacDonald wrote:

> Hi Dave,
>
> Thanks for your detailed instructions - I'll start coding my own 
> authentication service. Does anyone know the status of fitting all 
> these ldap pieces together? ie. using external ldap for 
> authentication, binding Jetspeed user, role and groups to ldap 
> attributes within Jetspeed? Who is working on it? Any published design 
> documents? Target release dates?
>
> Again thanks to everyone who responded to this thread.
>

I know this is an important feature, but I don't have much time for it 
now unfortunately.
However others are actively working with Jetspeed and LDAP.
Try talking to Sami and Ender on the jetspeed-dev list

--
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
+01 707 773-4646






Re: Using existing LDAP schema for authentication and roles and groups

Posted by Matt MacDonald <ma...@mitre.org>.
Hi Dave,

Thanks for your detailed instructions - I'll start coding my own 
authentication service. Does anyone know the status of fitting all these 
ldap pieces together? ie. using external ldap for authentication, 
binding Jetspeed user, role and groups to ldap attributes within 
Jetspeed? Who is working on it? Any published design documents? Target 
release dates?

Again thanks to everyone who responded to this thread.

-matt



Re: Using existing LDAP schema for authentication and roles and groups

Posted by David E Noel <de...@us.ibm.com>.
Matt, 
  I agree with your statements.  Most medium to large companies will 
already have a user and group schema defined and you will not have direct 
write access to the directory.  Fortunately Jetspeed allows you to plug in 
user management, authentication, etc. services.  Unfortunately, it seems no 
one has done it for a read-only predefined LDAP schema.  There would also 
have to be a mapping layer for the LDAP <-> Jetspeed attributes.

In the meantime this is something that may work for you.  It did for me. 
Only authenticate users with your LDAP server.  Store all the other 
information about a user (groups, name, etc.) in a database using the 
default Turbine services.  There are obvious downsides to doing this but 
it may be enough to justify the use of Jetspeed until a full-blown 
customized LDAP service is available.

If you are interested here is basically what I did.

Write your own authentication service (extend the TurbineAuthentication 
Service so you don't have to rewrite all the methods).  In here, when a 
user tries to log in to the service, try to bind as the user to your LDAP 
server.  If successful and the user has not logged in before (the Jetspeed 
user does not exist), create a new Jetspeed user, filling in Jetspeed user 
attributes with attributes you manually fetch from your LDAP server for 
the user.  If the bind is successful and the user already exists, just log 
them in.  You will also need to deactivate the create account setting.

Hope that Helps

Dave

Dave Noel
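
The login flow Dave Noel describes above (bind as the user, then create the local portal user on first login from attributes read out of LDAP), written with JNDI as an added example; it is not part of the original thread and is not Jetspeed or Turbine code. `PortalUserStore`, the host name, base DN, `uid` attribute, profile attributes and environment variable names are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;

/** Added illustration: bind-as-user login with first-login provisioning. */
public class LdapBindLogin {

    /** Hypothetical stand-in for the local (database-backed) portal user store. */
    interface PortalUserStore {
        boolean exists(String username);
        void create(String username, Map<String, String> profile);
    }

    // Assumed deployment values, not taken from the thread.
    static final String LDAP_URL = "ldaps://ldap.example.org:636";
    static final String PEOPLE_BASE = "ou=People,dc=example,dc=org";
    static final String[] PROFILE_ATTRS = {"givenName", "sn", "mail"};

    private final PortalUserStore store;
    private final String searchDn;        // read-only account, used only to locate the entry
    private final String searchPassword;

    LdapBindLogin(PortalUserStore store, String searchDn, String searchPassword) {
        this.store = store;
        this.searchDn = searchDn;
        this.searchPassword = searchPassword;
    }

    private static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);  // ldaps: simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    private static void close(DirContext ctx) {
        if (ctx != null) { try { ctx.close(); } catch (NamingException ignored) { } }
    }

    /** True only when the directory accepts the user's own bind; provisions on first login. */
    boolean login(String username, String password) {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513)
        // that many servers accept, so it must never count as a successful login.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        DirContext lookup = null;
        DirContext asUser = null;
        try {
            lookup = bind(searchDn, searchPassword);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]);  // only the DN is needed here
            sc.setCountLimit(2);
            // The username is passed as a filter argument, never concatenated into the filter.
            NamingEnumeration<SearchResult> hits =
                lookup.search(PEOPLE_BASE, "(uid={0})", new Object[] {username}, sc);
            if (!hits.hasMore()) return false;          // unknown user
            String dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;           // ambiguous match: refuse
            asUser = bind(dn, password);                // throws on a wrong password
            if (!store.exists(username)) {
                Attributes attrs = asUser.getAttributes(new LdapName(dn), PROFILE_ATTRS);
                Map<String, String> profile = new HashMap<>();
                for (String id : PROFILE_ATTRS) {
                    Attribute a = attrs.get(id);
                    if (a != null && a.size() > 0) profile.put(id, String.valueOf(a.get()));
                }
                store.create(username, profile);        // the password is never stored locally
            }
            return true;
        } catch (NamingException e) {
            return false;  // fail closed: a directory error is treated like a failed login
        } finally {
            close(lookup);
            close(asUser);
        }
    }

    public static void main(String[] args) {
        Map<String, Map<String, String>> users = new HashMap<>();
        PortalUserStore memory = new PortalUserStore() {
            public boolean exists(String u) { return users.containsKey(u); }
            public void create(String u, Map<String, String> p) { users.put(u, p); }
        };
        String dn = System.getenv("LDAP_SEARCH_DN");
        String pw = System.getenv("LDAP_SEARCH_PW");
        LdapBindLogin auth = new LdapBindLogin(memory, dn, pw);
        System.out.println("empty password accepted: " + auth.login("jdoe", ""));
        if (args.length == 1 && dn != null && pw != null && System.console() != null) {
            char[] typed = System.console().readPassword("Password for %s: ", args[0]);
            System.out.println("login ok: " + auth.login(args[0], new String(typed)));
            System.out.println("provisioned profile: " + users.get(args[0]));
        }
    }
}
```

With self-registration switched off, as the message advises, this login path is the only way a local portal user comes into existence.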








Re: Using existing LDAP schema for authentication and roles and groups

Posted by Ender Hikmet KILIÇOĞLU <en...@kilicoglu.nom.tr>.
Possible using some tricky method (I did it one time).
First method is to separate some user and role lookups for database and users.
For example you had to look db for anon, admin and turbine user. All group
info comes from database also but user queries go to ldap.
Second method is manually populating necessary objects. You will create and
put on cache on initialization time.

Next you had to change ldap fields for your needs.
Also as you don't know auth method on ldap site you had to make some logic for
auto bind.
So it's not a clean way but it works
Ender




Re: Using existing LDAP schema for authentication and roles and groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
On Wednesday, May 21, 2003, at 12:20  PM, Matt MacDonald wrote:

> Just in case my question wasn't exactly clear... I understand that the 
> security service is pluggable and that there is an LDAP implementation 
> but from the documentation it seems that you are forced into using a 
> new schema that Jetspeed defines be it stored in LDAP or a relational 
> database. Am I wrong in making that statement?
>
> The requirement that a new user schema be generated somehow doesn't 
> seem realistic. Many corporations already have invested a lot of 
> time in well defined user schemas that reside in databases (relational 
> or LDAP) and it would be difficult to convince staff to adopt a 
> new/modify existing schemas to support a portal server. I speak from 
> experience on this one... I saw how long it took to get one new 
> attribute added to the People object of our LDAP schema.
>

I understand. Would it be possible to take it as an example of how to 
write your own security services? That shouldn't be too large of an 
effort.
If you only want to implement authentication, then simply write your 
own authentication service and leave the rest to the default Jetspeed 
implementations, or disable the parts of the portal security not 
required.

> I think the ability for Jetspeed to utilize & integrate existing user 
> information should be of a high priority if it is to compete with the 
> commercial products. The Sun portal server that we use allows us to 
> authenticate users using LDAP, Cert, Unix, RADIUS or membership and 
> then dynamically generates a portal user profile. I'm not stating that 
> the Sun portal server is the best product in the world it has its 
> drawbacks as well - it suffers from some of the same problems that 
> Jetspeed does in its inability to bind ldap attributes to portal user 
> objects and suffers the same problem with groups and roles. We have 
> talked with Sun about this and it is a high priority item for them to 
> put this functionality back in the product (it was in the 3.0 version).

It is a goal for Jetspeed to bind LDAP attributes to portal user 
objects with no coding. But currently it's not possible.

>
> I really like what I see in other areas of the product and would like 
> to encourage our corporation to use and support Jetspeed but until 
> some of these issues are addressed it would be difficult to promote 
> its use.
>

Well, that's where the open source model comes in. You could write the 
piece that you need and hopefully contribute it back.

--
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
+01 707 773-4646






Re: Using existing LDAP schema for authentication and roles and groups

Posted by Matt MacDonald <ma...@mitre.org>.
Just in case my question wasn't exactly clear... I understand that the 
security service is pluggable and that there is an LDAP implementation 
but from the documentation it seems that you are forced into using a new 
schema that Jetspeed defines be it stored in LDAP or a relational 
database. Am I wrong in making that statement?

The requirement that a new user schema be generated somehow doesn't seem 
realistic. Many corporations already have invested a lot of time in 
well defined user schemas that reside in databases (relational or LDAP) 
and it would be difficult to convince staff to adopt a new/modify 
existing schemas to support a portal server. I speak from experience on 
this one... I saw how long it took to get one new attribute added to the 
People object of our LDAP schema.

I think the ability for Jetspeed to utilize & integrate existing user 
information should be of a high priority if it is to compete with the 
commercial products. The Sun portal server that we use allows us to 
authenticate users using LDAP, Cert, Unix, RADIUS or membership and then 
dynamically generates a portal user profile. I'm not stating that the 
Sun portal server is the best product in the world it has its drawbacks 
as well - it suffers from some of the same problems that Jetspeed does 
in its inability to bind ldap attributes to portal user objects and 
suffers the same problem with groups and roles. We have talked with Sun 
about this and it is a high priority item for them to put this 
functionality back in the product (it was in the 3.0 version).

I really like what I see in other areas of the product and would like to 
encourage our corporation to use and support Jetspeed but until some of 
these issues are addressed it would be difficult to promote its use.

-matt




Re: Using existing LDAP schema for authentication and roles and groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
On Wednesday, May 21, 2003, at 06:38  AM, Matt MacDonald wrote:

> Hi I am new to Jetspeed and Turbine but quite familiar with portal 
> applications as I have been actively developing a portal solution on 
> Sun One Portal 6.0 which supports 5000 users on a corporate intranet. 
> I decided to take a look at Jetspeed to compare the capabilities of 
> the two platforms. So far I like what Jetspeed provides WRT developing 
> and deploying a portlet and it seems much easier than to do so within 
> the Sun framework. I was hoping to have a few questions answered or at 
> least be guided in the right direction to learn more about these 
> topics.
>
> Authentication:
> Reading through the documentation and mailing list postings about the 
> LDAP authentication topic it seems that there is very little mentioned 
> about how to authenticate a user against an existing LDAP schema. We 
> have an existing LDAP schema that is maintained by another group and 
> the schema is fixed. I would like to configure the Jetspeed/Turbine 
> authentication mechanism to use our existing LDAP directory to 
> validate username and password pairs and construct a JetspeedUser 
> based upon existing LDAP attributes. My access to this LDAP server is 
> read only. Could someone please provide me with detailed instructions 
> or point me in the right direction?
>
Jetspeed Security services are pluggable. The default uses a database. 
There is a second implementation using LDAP
See

http://cvs.apache.org/viewcvs/jakarta-jetspeed/src/ldap/


> Roles and Groups
> Our existing LDAP schema contains information about roles and 
> organizations (groups) - Is it possible to bind these existing 
> attributes to the Jetspeed Role and Group concept?
>
See the Jetspeed Security model described here

http://jakarta.apache.org/jetspeed/site/security.html

> The authentication area is the one thing really holding me back from 
> pushing the use of Jetspeed as the implementation contains most 
> everything that we would want to use.
>

> -thanks
> -matt
>

--
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
+01 707 773-4646


