At 11:02 17/03/2005, you wrote:
When I wrote "the administration panel also allows to change users attributes for ldap users" I really wanted to say that I think it's an error to show the password field in a writeable state field...
Yes, you're right. +1 for the idea. We might add such a check: if a user is an LDAP user we put this field in "grey" mode.
P.S.: What is happening when a user is removed from the LDAP directory when the user had some ACLs defined in the JahiaDB? Will these ACLs fill over time in the database?
Jahia cannot catch the events occurring on the LDAP server as this is a remote system (and I do not believe the LDAP spec specifies some kind of SOAP based events you may catch in other relying systems, but I must say I am not myself an LDAP expert...)
But this is not a problem for Jahia. If you remove an LDAP user, the ACLs will stay in Jahia but will not cause any error except polluting the database (ok this is just a simple row in a table!)... The only problem which may arise would be if you create afterwards a new LDAP user with exactly the same login identifier as the previous one.
I'm still not sure what the impact of coupling Jahia with an LDAP server is. Is the LDAP implementation ready at all for production?
Of course. Most of our large customers have connected Jahia to their LDAP server. This is not possible otherwise. Just think about how a University with 10'000+ students and teachers will do to manage its portal server without LDAP... The requirement for a centralised user management system is then a must have.
Are there any coupled installations out there? What are the main do's and don'ts specific to Jahia when coupling to an LDAP directory?
If you only have to manage a few users, the Jahia user management system is just fine. If you begin to need to manage hundreds or thousands of users, you perhaps need an LDAP server (or you will need to spend time managing all the user management system within your organisation separately but this will not be very effective nor secure!).
The only problem you might have are problems with LDAP groups of groups that we do not support yet (dynamic LDAP groups will be supported in the next Jahia 4.0.6). Else you might encounter some HTML cache issues (for example if you add a user in a certain LDAP group, Jahia will of course not be informed about it and then will not be able to flush the front-end HTML cache for this user... the only way to deal with that would be to force an HTML cache expiration delay after a certain period of time if this is really necessary (or just to create a small button available to the user which will allow him to flush his cache)).
Sry to pester you with that many questions, but the manual doesn't really go into detail with LDAP integration...
LDAP or not LDAP is not really a Jahia related question but more a separated SSO topic in the organisation. For Jahia this is quite transparent as you can simultaneously use and mix some internal Jahia users and some LDAP users (even coming from several LDAP servers). Same is true with groups as you can create Jahia groups with LDAP and Jahia users...
Regards, Stéphane
Best Regards Daniel Zimmermann
On Thu, 17 Mar 2005 01:03:27 -0800 Stéphane Croisier <[EMAIL PROTECTED]> wrote:
> Hi Daniel,
>
> You cannot change LDAP attributes from the Admin. The attributes you see in the Admin are the same as on the MySettings ones and are stored in Jahia (except for login name + pwd for LDAP). Jahia only connects in read-only mode to a(several) LDAP server(s). But for each LDAP user, Jahia creates some corresponding Jahia user properties. So even for an LDAP user, you can add/modify some custom Jahia user properties (using the API). Otherwise speaking for the LDAP users, properties can be split between LDAP and Jahia (you do not perhaps want to store your custom Jahia user properties into your global enterprise wide LDAP!).
>
> Cheers,
> Stéphane
>
> At 09:38 17/03/2005, you wrote:
>> Yes Stéphane, but the administration panel also allows to change users attributes for ldap users. Template customizing is perfectly ok, but we don't really want to mess with the admin engine. Is this just an error or is "works as designed"?
>>
>> On Wed, 16 Mar 2005 08:31:00 -0800 Stéphane Croisier <[EMAIL PROTECTED]> wrote:
>> > Basically the MySettings menu is just a Jahia template (take a look at the MySettings.jsp file) that you can fully customize according to your read-only/write needs (e.g. through JNDI) and/or according if a user property is directly stored on the LDAP server or in Jahia. You can also add other new user properties or add new validation mechanisms. But this will be custom to your installation.
>> >
>> > Stéphane
>> >
>> > At 17:00 16/03/2005, you wrote:
>> >
>> >> Hi,
>> >>
>> >> Jahia 4.0.5 only allows read-only access to LDAP Directories. The "my settings" tab in the standard jahia template still shows the input fields to change the user settings like password etc. But since the fields are readonly at the backend, changes aren't really possible. What would be the best approach to make the password changeable from there or from the admin menu? How did you solve this problem?
>> >>
>> >> best regards
>> >> Daniel Zimmermann
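The reply above says that ACLs of a removed LDAP user stay in the Jahia database and only become a problem if a new LDAP user is later created with exactly the same login. The following is an added example, not part of the thread and not Jahia code, of a periodic audit that reports both cases; the ACL row layout and the practice of recording the directory's `entryUUID` next to each ACL are assumptions, not Jahia's schema.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRow:
    """Hypothetical ACL record; not the real JahiaDB table layout."""
    acl_id: int
    login: str        # LDAP login the right was granted to
    entry_uuid: str   # entryUUID of the LDAP entry at grant time (assumed column)


def audit_acls(acl_rows, directory):
    """Compare stored ACL rows with a read-only export of the directory.

    directory maps login -> current entryUUID of that LDAP entry.
    Returns (orphaned, reused):
      orphaned - the login no longer exists in LDAP (row is only clutter)
      reused   - the login exists again but belongs to a different entry,
                 so the new account would inherit the old user's rights
    """
    # LDAP login attributes are normally matched case-insensitively.
    current = {login.lower(): uuid for login, uuid in directory.items()}
    orphaned, reused = [], []
    for row in acl_rows:
        uuid_now = current.get(row.login.lower())
        if uuid_now is None:
            orphaned.append(row)
        elif uuid_now != row.entry_uuid:
            reused.append(row)
    return orphaned, reused


# Constructed sample data: "bjones" was deleted and later re-created,
# "cdoe" was deleted and never came back.
SAMPLE_DIRECTORY = {"asmith": "uuid-0001", "bjones": "uuid-0009"}
SAMPLE_ACLS = [
    AclRow(1, "asmith", "uuid-0001"),
    AclRow(2, "bjones", "uuid-0002"),
    AclRow(3, "cdoe", "uuid-0003"),
    AclRow(4, "ASmith", "uuid-0001"),
]

if __name__ == "__main__":
    orphaned, reused = audit_acls(SAMPLE_ACLS, SAMPLE_DIRECTORY)
    for row in orphaned:
        print(f"orphaned ACL {row.acl_id}: {row.login} no longer in LDAP")
    for row in reused:
        print(f"REVIEW ACL {row.acl_id}: login {row.login} now belongs to another entry")
```

Rows reported as reused are the ones to revoke before the new account first logs in; orphaned rows can be cleaned up at leisure.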
