Dear Wiki user, You have subscribed to a wiki page or wiki category on "Portals Wiki" for change notification.
The "Jetspeed2/LDAP-howto" page has been changed by Dupont: http://wiki.apache.org/portals/Jetspeed2/LDAP-howto?action=diff&rev1=7&rev2=8 ------ . Adapting jetspeed to an existing schema + . . This paragraphs shows how to configure Jestspeed to adapt it to a specific ldap model. . @@ -108, +109 @@ {{{constructor-arg index="2"}}} defines if the attribute is mapped in jetspeed database. - This is the coplete example of UserDaoConfiguration bean: + This is the coplete example of ''UserDaoConfiguration'' bean: {{{#!xml <bean id="UserDaoConfiguration" class="org.apache.jetspeed.security.mapping.ldap.dao.LDAPEntityDAOConfiguration" init-method="initialize"> @@ -150, +151 @@ <property name="entityType" value="user" /> </bean> }}} + And the user defined in the ldap (ldif format). + + {{{ + dn: [email protected],ou=comptes,ou=clients,dc=public,dc=bnf,dc=fr + objectClass: BNFUser + BnfIdentifiant: [email protected] + BnfMemberOf: cn=partenaires_bibliotheque,ou=groupes,ou=clients,dc=public,dc=bnf,dc=fr + BnfMemberOf: cn=partenaires_moissonnage_gallica_partenaire,ou=groupes,ou=clients,dc=public,dc=bnf,dc=fr + cn: [email protected] + userPassword:: e1NIQX1mRXFOQ2NvM1lxOWg1WlVnbEQzQ1pKVDRsQnM9 + }}} == Changing relationship with user and role, name and direction == If you want to change the attribute used to describe the relationship between User and Role, you can do it, in the Ldap configuration file: '''WEB-INF/assembly/security-ldap.xml'''. In our example, we want to use BnFMemberOf relation, in the user to role direction. * First, you have to declare it in the ''UserDaoConfiguration'', like shown in the above example * Second, you have to change the ''UserRoleRelationDAO'''' ''''''''the ''relationAttribute''; property permits to define the attribute used to store the relation. 
''' - * '''Moreover, it's possible to define the direction Jetspeed uses t find roles have a user (2 possibities: the default one which is searching in all roles which ones are related to the authentificating user, the second way is to look from User entities which roles he has) Depending how your ldap is configured, the two methods can be used, or only one. In our case, the method chosen is the second one: for performance reasons, the attributes are stored in the User entities. To handle that, the ''useFromEntityAttribute'' was set to true. ''' + * Moreover, it's possible to define the direction Jetspeed uses t find roles have a user (2 possibities: the default one which is searching in all roles which ones are related to the authentificating user, the second way is to look from User entities which roles he has) Depending how your ldap is configured, the two methods can be used, or only one. In our case, the method chosen is the second one: for performance reasons, the attributes are stored in the User entities. To handle that, the ''useFromEntityAttribute'' was set to true. - '''This is an example configuration: ''' + This is an example configuration: {{{ + <bean id="UserRoleRelationDAO" class="org.apache.jetspeed.security.mapping.ldap.dao.impl.AttributeBasedRelationDAO"> + <meta key="j2:cat" value="ldapSecurity" /> + <property name="relationAttribute" value="BnFMemberOf" /> + <property name="attributeContainsInternalId" value="true" /> + <property name="useFromEntityAttribute" value="true" /> + <property name="relationType"> + <bean class="org.apache.jetspeed.security.mapping.impl.SecurityEntityRelationTypeImpl"> + <constructor-arg index="0" value="isMemberOf" /> + <constructor-arg index="1" value="user" /> + <constructor-arg index="2" value="role" /> + </bean> + </property> + </bean> }}}
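Review bot: the added introduction line and the reworded line in the "@@ -108, +109 @@" hunk contain typos. "This paragraphs shows how to configure Jestspeed" should read "This paragraph shows how to configure Jetspeed", and the changed line still says "coplete" even though it was edited to italicise UserDaoConfiguration. Correct both in the same revision, and write "LDAP" in capitals as the page title does.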
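Review bot: the LDIF entry added in the "@@ -150, +151 @@" hunk publishes a userPassword value on a public wiki page, next to a DN under dc=public,dc=bnf,dc=fr that looks like a production tree. The base64 after "userPassword::" begins "e1NIQX1", which decodes to the "{SHA}" scheme prefix, so what is shown is an unsalted SHA-1 password hash. Replace the value with an obvious placeholder and use constructed example data for the DN and group names. If the entry corresponds to a real account, its password should be changed. The example would also be better served by a salted scheme than by {SHA}.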
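Review bot: in the "Changing relationship with user and role" hunk, the text explains that useFromEntityAttribute set to true makes Jetspeed read a user's roles from the attribute on the User entity, but it does not say who may write that attribute. Add a sentence stating that the directory's access controls must not let users modify BnFMemberOf on their own entry, since that attribute now decides role membership. Smaller points in the same hunk: the attribute is spelled "BnFMemberOf" in the bean but "BnfMemberOf" in the LDIF example (LDAP attribute names are case-insensitive, but one spelling avoids confusion), the new block opens with "{{{" where the earlier XML block uses "{{{#!xml", and the rewritten bullet keeps "t find roles have a user", "possibities" and "authentificating".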
