You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2006/11/11 19:46:42 UTC
[jira] Assigned: (JS2-491) Enhance J2 LDAP Security Documentation
[ http://issues.apache.org/jira/browse/JS2-491?page=all ]
Ate Douma reassigned JS2-491:
-----------------------------
Assignee: Ate Douma
> Enhance J2 LDAP Security Documentation
> --------------------------------------
>
> Key: JS2-491
> URL: http://issues.apache.org/jira/browse/JS2-491
> Project: Jetspeed 2
> Issue Type: Improvement
> Components: Security
> Affects Versions: 2.1-dev
> Reporter: David Le Strat
> Assigned To: Ate Douma
> Fix For: 2.1-dev
>
> Attachments: jetspeed LDAP.doc, jetspeed-ldap-final.patch, jetspeed2-ldap-11102006.patch, ldap_patch_with_jdk_fix.patch
>
>
> From Davy De Waele email to the list:
> Judging from the recent activity on the mailing list I noticed some
> interest in using LDAP & Jetspeed
> Some thoughts come to mind:
> 1. The instructions located at
> http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap
> .html are really only applicable for people who are building jetspeed
> from source.
> Due to the fact that the security-spi-ldap*.xml files shown there are
> coming from SVN (interface changes, additional objects in the
> configuration files that are not in the 2.0 binary release), users who
> have installed jetspeed2 via the installer attempting to follow these
> instructions will run into configuration issues.
> What would be the best way to address this?
> I think we should make a difference between users who are familiar with
> Maven, SVN, compiling/building/deploying, and users who just want to
> get
> the thing up & running using the installer.
> Shouldn't we put this information into perspective by:
> a) Clearly indicating that this is only intended for people building
> from source
> b) Provide an additional manual on what needs to be done starting from
> a
> binary release (2.0 version)
>
> The user would have to
> * copy the security-spi-ldap*.xml files (we provide
> downloadable spring XML files acting as examples)
> * remove their default security-spi-atn.xml
> * restart tomcat
> * preparing their LDAP server
> As far as LDAP support goes, we should provide instructions on how
> existing LDAP servers can be used with jetspeed. We can also provide
> downloadable schema files & LDIF sample data for all major vendors +
> documentation)
> I could provide such manuals for OpenLDAP,SunDS and ApacheDS.
> 2. The major problem that users will be facing today is that encrypted
> passwords are not supported in the jetspeed2.0 release. Given that this
> functionality has been committed to the codebase, how do you feel
> towards providing a downloadable JAR file to users that would act as a
> replacement for their current jetspeed-security-2.0.jar - doesn't have
> to be anything official, could be included as a link in the
> documentation)
> The user would have to
> * replace his jetspeed-security-2.0.jar
> * restart tomcat
> The user would have support for encrypted passwords and group/role
> membership via LDAP.
> 3. OpenLDAP schema file
> I had to add groupOfUniqueNames as a parent to the jetspeed-2-group and
> jetspeed-2-role objectClasses in order for the group/role assignment to
> work in OpenLDAP.
> ApacheDS doesn't really care when objects are created in the LDAP tree
> containing attributes that aren't defined in the LDAP schema. OpenLDAP
> does :) I've attached the new jetspeed.schema file.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org