I have another question about Jahia LDAP integration. In Jahia 4.0.5 there is some remaining file called "ldap-migration.xml". It seems to address the migration from users from a database to ldap or vice versa. Could you please tell me what it does and how it can be accessed?
Best Regards Daniel Zimmermann P.S.: Is it normal that ldap users aren't shown in the group "users" of Jahia? Every other group association seems to work, but not for group "users". In fact it works, but the users are just not displayed. On Thu, 17 Mar 2005 03:02:03 -0800 =?iso-8859-1?Q?St=E9phane?= Croisier <[EMAIL PROTECTED]> wrote: >At 11:02 17/03/2005, you wrote: > >>When I wrote "the administration panel also allows to change >users >>attributes for ldap users" I really wanted to say that I think >it's >>a error to show the password field in a writeable state field... > >Yes, you're right. +1 for the idea. We might add such a check: if >a user is >a LDAP user we put this field in "grey" mode. > >>P.S.: What is happening when a user is removed from the LDAP >>directory when the user had some ACLs defined in the JahiaDB? >Will >>these ACLs fill over time in the database? > >Jahia can not catch the events occuring on the LDAP server as this >is a >remote system (and I do not believe the LDAP spec specifies some >kind of >SOAP based events you may catch in other relying systems, but I >must say I >am not myself a LDAP expert...) > >But this is not a problem for Jahia. If you remove a LDAP user, >the ACLs >will stay in Jahia but will not caused any error excepted >polluting the >database (ok this is just a simple row in a table!)... The only >problem >which may arise would be if you create afterwards a new LDAP user >with >exactly the same login identifier as the previous one. > >>I'm still not sure what the impact of coupling Jahia with a LDAP >>server is. Is the LDAP implementation ready at all for >production? > >Of course. Most of our large customers have connected Jahia to >their LDAP >server. This is not possible otherwise. Just think about how a >University >with 10'000+ students and teachers willl do to manage its portal >server >without LDAP... The requirement for a centralised user management >system is >then a must have. > >>Are there any coupled installations out there? What are the main >>do's and dont's specific to Jahia when coupling to a LDAP >>directory? > >If you only have to manage a few users, the Jahia user management >system is >just fine. If you begin to need to manage hundreds or thousands of >users, >you perhaps need a LDAP server (or you will need to spend time >managing all >the user management system within your organisation separately but >this >will not be very effective nor secure!). > >The only problem you might have are problems with LDAP groups of >groups >that we do not support yet (dynamic LDAP groups will be supported >in the >next Jahia 4.0.6). Else you might encounter some HTML cache issues >(for >example if you add a user in a certain LDAP group, Jahia will of >course not >be informed about it and then will not be able to flush the front >ten HMTL >cache for this user... the only way to deal with that would be to >force an >HTML cache expiration delay after a certain period of time if this >is >really necessary (or just to create a small button available to >the user >which will allow him to flush his cache)). > >>Sry to pester you with that much questions, but the manual >doesn't >>really go into detail with LDAP integration... > >LDAP or not LDAP is not really a Jahia related question but more a > >separated SSO topic in the organisation. For Jahia this is quite >transparant as you can simultanesouly use and mix some internal >Jahia users >and some LDAP users (even coming from several LDAP servers). Same >is true >with groups as you can create Jahia groups with LDAP and Jahia >users... > >Regards, >St�phane > > >>Best Regards >>Daniel Zimmermann >> >>On Thu, 17 Mar 2005 01:03:27 -0800 =?iso-8859-1?Q?St=E9phane?= >>Croisier <[EMAIL PROTECTED]> wrote: >> >Hi Daniel, >> > >> >You can not change LDAP attributes from the Admin. The >attributes >> >you see >> >in the Admin are the same as on the MySettings ones and are >stored >> >in Jahia >> >(excepted for login name + pwd for LDAP). Jahia only connects >in >> >read-only >> >mode to a(several) LDAP server(s). But for each LDAP user, >Jahia >> >creates >> >some corresponding Jahia user properties. So even for a LDAP >user, >> >you can >> >add/modify some custom Jahia user properties (using the API). >> >Otherwise >> >speaking for the LDAP users, properties can be split between >LDAP >> >and Jahia >> >(you do not perhaps want to store your custom Jahia user >> >properties into >> >your global enterprise wide LDAP!). >> > >> >Cheers, >> >St�phane >> > >> >At 09:38 17/03/2005, you wrote: >> >>-----BEGIN PGP SIGNED MESSAGE----- >> >>Hash: SHA1 >> >> >> >> >> >>Yes St�phane, but the administration panel also allows to >change >> >>users attributes for ldap users. Template customizing is >> >perfectly >> >>ok, but we don't really want to mess with the admin engine. Is >> >this >> >>just a error or is "works as designed"? >> >> >> >>On Wed, 16 Mar 2005 08:31:00 -0800 =?iso-8859-1?Q?St=E9phane?= >> >>Croisier <[EMAIL PROTECTED]> wrote: >> >> >Basically the MySettings menu is just a Jahia template (take >a >> >> >look at the >> >> >MySettings.jsp file) that you can fully customize according >to >> >> >your >> >> >read-only/write needs (e.g. through JNDI) and/or according >if a >> >> >user >> >> >property is directly stored on the LDAP server or in Jahia. >You >> >> >can also >> >> >add other new user properties or add new validation >mechanisms. >> >> >But this >> >> >will be custom to your installation. >> >> > >> >> >St�phane >> >> > >> >> >At 17:00 16/03/2005, you wrote: >> >> > >> >> >>Hi, >> >> >> >> >> >>Jahia 4.0.5 only allows read-only access to LDAP >Directories. >> >The >> >> >>"my settings" tab in the standard jahia template still >shows >> >the >> >> >>input fields to change the user settings like password etc. >> >But >> >> >>since the fields are readonly at the backend, changes >aren't >> >> >really >> >> >>possible. What would be the best approach to make the >password >> >> >>changeable from there or from the admin menu? How did you >> >solve >> >> >>this problem? >> >> >> >> >> >>best regards >> >> >>Daniel Zimmeramnn >> >>-----BEGIN PGP SIGNATURE----- >> >>Note: This signature can be verified at >> >https://www.hushtools.com/verify >> >>Version: Hush 2.4 >> >> >> >>>wkYEARECAAYFAkI5QfcACgkQdOg9yuANhRwQqQCeMVAO8/4fAzHFn5HqHUg/Ymo9E >D >> >8A >> >>n13eDQmTkFFOo4qjlYCEmT/km0+f >> >>=dTAj >> >>-----END PGP SIGNATURE-----
