Posted to jetspeed-user@portals.apache.org by "Lay, Trent" <tr...@hp.com> on 2006/11/23 11:03:53 UTC

LDAP

Hi Jetspeed,

We are deploying HP OpenView Dashboard to Barclays bank. Dashboard uses
JetSpeed as its supporting Portal Server.

We would like to have Jetspeed use LDAP to authenticate users however we
cannot find any documentation on how to configure this.

Can you point me at the correct documentation or provide some guidance
on this subject ASAP.

Thanks and regards for any assistance.

Trent Lay.
07957 155 927

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org


Re: LDAP

Posted by David Sean Taylor <da...@bluesunrise.com>.
Lay, Trent wrote:
> Hi Jetspeed,
> 
> We are deploying HP OpenView Dashboard to Barclays bank. Dashboard uses
> JetSpeed as its supporting Portal Server.
> 
> We would like to have Jetspeed use LDAP to authenticate users however we
> cannot find any documentation on how to configure this.
> 
> Can you point me at the correct documentation or provide some guidance
> on this subject ASAP.
> 
> Thanks and regards for any assistance.
> 
If you have the source, look under the src/ldap directory. You will find 
4 files: jetspeed.ldif, jetspeed.schema, 
LDAP-JetspeedSecurity.properties, and ldap-notes.txt

I've included the ldap-notes.txt file below. It contains 'basic' instructions.

LDAP user management
--------------------
This version of Jetspeed contains an LDAP-based user management service.
The module is experimental, and provided as is. It may lack features
present in other user management implementations.

The module is tested using OpenLDAP slapd 2.0.25 Release having the
following schemas included:

  core.schema
  cosine.schema
  inetorgperson.schema
  nis.schema
  jetspeed.schema

All the other schemas are provided as a part of OpenLDAP, but
"jetspeed.schema" is provided as a part of Jetspeed Portal platform.

You must put the following entries in the "slapd.conf" configuration
file in order to make Jetspeed work with LDAP:

  database        ldbm
  suffix          "ou=jetspeed,o=apache"
  rootdn          "cn=ldapadmin,ou=jetspeed,o=apache"
  rootpw          secret

... optionally adding the following index definitions:

  index           default pres,eq
  index           uid

... and the following entry to "ldap.conf" configuration file:

  BASE ou=jetspeed,o=apache

Then copy the schema file "jetspeed.schema" to your LDAP server's
schema directory.

Start slapd, and import the LDIF file "jetspeed.ldif" using your
favourite LDAP tool. Jetspeed's LDIF file contains the same user,
group, role and permission definitions as the database version.

On the portal side you can enable LDAP user management by merging
the properties found from "LDAP-JetspeedSecurity.properties" file
to the "JetspeedSecurity.properties" file. Change the
"services.ldap.host" property to point to your LDAP server.
Then you should have everything up and running.

Please note that currently the only supported crypting algorithm
for LDAP user management is Unix crypt. Unix crypt is commonly
used to encrypt data in LDAP directories, but the JCE (Java
Cryptographic Extensions) package does not support it (as far as
I know). Therefore, JCE cannot be used directly if UnixCrypt
must be supported, so an extra cryptographic layer should be
introduced on top of these two to allow users to use both encryption
mechanisms. If someone has a good view of how this should be done,
please post a proposal on the jetspeed-devel mailing list.

If you don't get Jetspeed to work with LDAP but you are sure that
your LDAP tree is properly built, you can contact Sami Leino
(sami.leino@netorek.fi) and he will try to help you.

Change log: (since release 1.4b3, 2002/12/17)
---------------------------------------------

2003/01/29: Fixed bug 16511 (no-secure passwords not allowed with LDAP)
2003/01/20: Passes all unit-tests now.
2003/01/20: Performance improvements. Now fetches all users from LDAP with
             one JNDI lookup when retrieving all users with getUsers() method.
             Earlier version constructed every user with separate lookup.
2003/01/20: DirContexts are now properly closed. Should no longer leave
             LDAP connections open.
2003/01/20: Error handling fixed. Now propagates Exceptions from LDAP
             operations to the application level.
2003/01/20: Date format changed to "yyyyMMddmmHHss'Z'". Dates are now
             stored using GMT timezone.
2003/01/20: SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 in "jetspeed.schema"
             changed to 1.3.6.1.4.1.1466.115.121.1.26 when using
             caseIgnoreIA5Match.
2003/01/20: LDAP-safe uid generation mechanism introduced in
             "BaseLDAPObject.java".
2003/01/20: Overall code cleanup performed (still a lot to do though).
             Extraneous imports removed.
2006/05/15: Correcting NPE conditions in LDAPUser.
             Added required JetspeedSecurity service properties values for
             provided sample LDAP (especially for secure.passwords=true)
             in LDAP-JetspeedSecurity.properties (to merge).
             Mention (optional) openldap index definitions in ldap-notes (here).
             Tested with OpenLDAP slapd 2.3.20.


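
Added example, not part of the original post or of Jetspeed's own code: a small Python audit for the two weak points in the notes above, the cleartext "rootpw secret" in slapd.conf and password values hashed with traditional Unix crypt. The sample inputs are constructed, and the userPassword attribute and {SCHEME} value prefix are assumptions about how the directory stores passwords.

```python
import base64
import re

# Constructed sample, modelled on the slapd.conf entries in the notes above.
SLAPD_CONF = '''suffix          "ou=jetspeed,o=apache"
rootdn          "cn=ldapadmin,ou=jetspeed,o=apache"
rootpw          secret
'''
# Constructed LDIF: names, values and the userPassword attribute are assumptions.
B64 = base64.b64encode(b"{crypt}abCONSTRUCTED").decode()
LDIF = f'''dn: uid=alice,ou=jetspeed,o=apache
userPassword: {{SSHA}}constructed-not-a-real-hash

dn: uid=bob,ou=jetspeed,o=apache
userPassword:: {B64}
'''
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")
WEAK = ("cleartext", "crypt-des")

def classify(value):
    """Label an RFC 2307 style password value by its {SCHEME} prefix."""
    m = SCHEME.match(value)
    if not m or m.group(1).upper() != "CRYPT":
        return m.group(1).lower() if m else "cleartext"
    # No "$id$" prefix after {CRYPT}: traditional DES-based Unix crypt.
    return "crypt-modular" if value[m.end():].startswith("$") else "crypt-des"

def audit_slapd_conf(text):
    """Return (line_number, label) for each weak rootpw directive."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            out.append((n, classify(parts[1].strip().strip('"'))))
    return [f for f in out if f[1] in WEAK]

def audit_ldif(text):
    """Return (dn, label) for each weak userPassword (no line folding)."""
    out, dn = [], None
    for line in text.splitlines():
        key, _, raw = line.partition(":")
        if key.lower() == "dn":
            dn = raw.strip()
        elif key.lower() == "userpassword":
            # A second colon ("::") marks a base64-encoded value.
            if raw.startswith(":"):
                raw = base64.b64decode(raw[1:].strip()).decode()
            out.append((dn, classify(raw.strip())))
    return [f for f in out if f[1] in WEAK]
```

The base64 case matters because a plain text search for "{crypt}" in an LDIF export misses values written with "::". OpenLDAP's slappasswd can generate a hashed value to use in place of a cleartext rootpw.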