Posted to server-dev@james.apache.org by Obi Ezechukwu <eo...@hotmail.com> on 2009/10/17 21:41:07 UTC

[PATCH] - New Feature: Read-Only LDAP repository

Dear All, 
        My company recently adopted James 2.3.2 as a low-cost mail server.
We were quite impressed with its stability and versatility; however, we did
have one major problem. We wanted to authenticate users against our existing
LDAP store, thus maintaining consistency with other applications in our
technology landscape. Apart from the fact that the current LDAP support in
James is experimental, it does mandate that certain James-specific groups
are created in the LDAP server. This did not go down very well with our
system/security administrators.

        We wanted a user-repository that would simply mirror the information
in our LDAP repository and not permit users to be added or changed via the
James Admin console. We ended up building this functionality ourselves on
top of the 2.3.2 release. We would now like to contribute our aptly named
"ReadOnlyLDAPUserRepository" back to the James project.

        The source code is attached. For a summary of the features, please
see bullet list below: 

a.) authentication against LDAP compliant server 
b.) group/role based access restriction 
c.) read-only feature, thus allowing organizations to manage James users
through existing security-admin tools. 
e.) allows James to share authentication/authorization
infrastructure/repository with the rest of the applications in an IT
landscape. Put differently, companies that have already invested in a
security infrastructure can re-use it when adopting James as a mail server.

        Please find attached the fully commented source code required for
this change. I am happy to provide any additional documentation required for
inclusion into the James wiki, or to make any changes to the code required
for James v3.

Regards, 
Obi Ezechukwu 

 

============================================================================
Please access the attached hyperlink for an important electronic
communications disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
============================================================================


Re: [PATCH] - New Feature: Read-Only LDAP repository

Posted by Norman Maurer <no...@apache.org>.
Thx a bunch!

Bye,
Norman

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


RE: [PATCH] - New Feature: Read-Only LDAP repository

Posted by Obi Ezechukwu <eo...@hotmail.com>.
Done. Please find issue at: https://issues.apache.org/jira/browse/JAMES-934

Regards,
Obi Ezechukwu



Re: [PATCH] - New Feature: Read-Only LDAP repository

Posted by Norman Maurer <no...@apache.org>.
Hi Obi,

Nice to hear that James was helpful for you. I would be very
interested in getting your code in the James development tree. For this it
would be helpful to open a Jira issue with the code attached.

So please open one. Jira can be found here
 https://issues.apache.org/jira/browse/JAMES

Thx
Norman