-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Thank you for the information! On Thu, 17 Mar 2005 03:02:03 -0800 =?iso-8859-1?Q?St=E9phane?= Croisier <[EMAIL PROTECTED]> wrote: >At 11:02 17/03/2005, you wrote: > >>When I wrote "the administration panel also allows to change >users >>attributes for ldap users" I really wanted to say that I think >it's >>a error to show the password field in a writeable state field... > >Yes, you're right. +1 for the idea. We might add such a check: if >a user is >a LDAP user we put this field in "grey" mode. > >>P.S.: What is happening when a user is removed from the LDAP >>directory when the user had some ACLs defined in the JahiaDB? >Will >>these ACLs fill over time in the database? > >Jahia can not catch the events occuring on the LDAP server as this >is a >remote system (and I do not believe the LDAP spec specifies some >kind of >SOAP based events you may catch in other relying systems, but I >must say I >am not myself a LDAP expert...) > >But this is not a problem for Jahia. If you remove a LDAP user, >the ACLs >will stay in Jahia but will not caused any error excepted >polluting the >database (ok this is just a simple row in a table!)... The only >problem >which may arise would be if you create afterwards a new LDAP user >with >exactly the same login identifier as the previous one. > >>I'm still not sure what the impact of coupling Jahia with a LDAP >>server is. Is the LDAP implementation ready at all for >production? > >Of course. Most of our large customers have connected Jahia to >their LDAP >server. This is not possible otherwise. Just think about how a >University >with 10'000+ students and teachers willl do to manage its portal >server >without LDAP... The requirement for a centralised user management >system is >then a must have. > >>Are there any coupled installations out there? What are the main >>do's and dont's specific to Jahia when coupling to a LDAP >>directory? > >If you only have to manage a few users, the Jahia user management >system is >just fine. If you begin to need to manage hundreds or thousands of >users, >you perhaps need a LDAP server (or you will need to spend time >managing all >the user management system within your organisation separately but >this >will not be very effective nor secure!). > >The only problem you might have are problems with LDAP groups of >groups >that we do not support yet (dynamic LDAP groups will be supported >in the >next Jahia 4.0.6). Else you might encounter some HTML cache issues >(for >example if you add a user in a certain LDAP group, Jahia will of >course not >be informed about it and then will not be able to flush the front >ten HMTL >cache for this user... the only way to deal with that would be to >force an >HTML cache expiration delay after a certain period of time if this >is >really necessary (or just to create a small button available to >the user >which will allow him to flush his cache)). > >>Sry to pester you with that much questions, but the manual >doesn't >>really go into detail with LDAP integration... > >LDAP or not LDAP is not really a Jahia related question but more a > >separated SSO topic in the organisation. For Jahia this is quite >transparant as you can simultanesouly use and mix some internal >Jahia users >and some LDAP users (even coming from several LDAP servers). Same >is true >with groups as you can create Jahia groups with LDAP and Jahia >users... > >Regards, >St�phane > > >>Best Regards >>Daniel Zimmermann >> >>On Thu, 17 Mar 2005 01:03:27 -0800 =?iso-8859-1?Q?St=E9phane?= >>Croisier <[EMAIL PROTECTED]> wrote: >> >Hi Daniel, >> > >> >You can not change LDAP attributes from the Admin. The >attributes >> >you see >> >in the Admin are the same as on the MySettings ones and are >stored >> >in Jahia >> >(excepted for login name + pwd for LDAP). Jahia only connects >in >> >read-only >> >mode to a(several) LDAP server(s). But for each LDAP user, >Jahia >> >creates >> >some corresponding Jahia user properties. So even for a LDAP >user, >> >you can >> >add/modify some custom Jahia user properties (using the API). >> >Otherwise >> >speaking for the LDAP users, properties can be split between >LDAP >> >and Jahia >> >(you do not perhaps want to store your custom Jahia user >> >properties into >> >your global enterprise wide LDAP!). >> > >> >Cheers, >> >St�phane >> > >> >At 09:38 17/03/2005, you wrote: >> >>-----BEGIN PGP SIGNED MESSAGE----- >> >>Hash: SHA1 >> >> >> >> >> >>Yes St�phane, but the administration panel also allows to >change >> >>users attributes for ldap users. Template customizing is >> >perfectly >> >>ok, but we don't really want to mess with the admin engine. Is >> >this >> >>just a error or is "works as designed"? >> >> >> >>On Wed, 16 Mar 2005 08:31:00 -0800 =?iso-8859-1?Q?St=E9phane?= >> >>Croisier <[EMAIL PROTECTED]> wrote: >> >> >Basically the MySettings menu is just a Jahia template (take >a >> >> >look at the >> >> >MySettings.jsp file) that you can fully customize according >to >> >> >your >> >> >read-only/write needs (e.g. through JNDI) and/or according >if a >> >> >user >> >> >property is directly stored on the LDAP server or in Jahia. >You >> >> >can also >> >> >add other new user properties or add new validation >mechanisms. >> >> >But this >> >> >will be custom to your installation. >> >> > >> >> >St�phane >> >> > >> >> >At 17:00 16/03/2005, you wrote: >> >> > >> >> >>Hi, >> >> >> >> >> >>Jahia 4.0.5 only allows read-only access to LDAP >Directories. >> >The >> >> >>"my settings" tab in the standard jahia template still >shows >> >the >> >> >>input fields to change the user settings like password etc. >> >But >> >> >>since the fields are readonly at the backend, changes >aren't >> >> >really >> >> >>possible. What would be the best approach to make the >password >> >> >>changeable from there or from the admin menu? How did you >> >solve >> >> >>this problem? >> >> >> >> >> >>best regards >> >> >>Daniel Zimmeramnn >> >>-----BEGIN PGP SIGNATURE----- >> >>Note: This signature can be verified at >> >https://www.hushtools.com/verify >> >>Version: Hush 2.4 >> >> >> >>>wkYEARECAAYFAkI5QfcACgkQdOg9yuANhRwQqQCeMVAO8/4fAzHFn5HqHUg/Ymo9E >D >> >8A >> >>n13eDQmTkFFOo4qjlYCEmT/km0+f >> >>=dTAj >> >>-----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkI5ZwIACgkQdOg9yuANhRxp+gCeKOlntpTJlEkkTl2ylNIY02PXiNYA nA2QC3W7YHXI8XbGjOvLE0lxyMVN =qcQ/ -----END PGP SIGNATURE-----
