[ http://issues.apache.org/jira/browse/JS2-188?page=comments#action_59493 ]

Dolf Smits commented on JS2-188:
--------------------------------

Hi All,

I just started investigating Jetspeed, so I do not have much experience with Jetspeed. I do however have some experience with LDAP, and although I will have a look at the implementations soon, I already want to make some remarks.

In the source code, I see code to retrieve a user password from LDAP. This will nearly always be forbidden by policies, so you can never rely on this feature; checking a password should always be done by issuing a bind operation.

Never rely on attributes and/or objectclasses in use within LDAP. As most users will want to connect their portal to an existing enterprise directory, the tree design and objectclasses might already have been defined, so they should be configurable in the jetspeed-ldap connection modules. If you want to use some specific attributes, define an auxiliary objectclass with the wanted attributes (preferably special attributes designed for Jetspeed) and use that in the directory.

In my opinion, all authentication and authorization data should be placed together in one directory, so you definitely need to define objectclasses and attributes to store this information. Although I did not have a look at the table definitions, I think that one objectclass to equal a table definition is a good way of defining the LDAP schema. You must however be careful when using references (distinguished name syntaxes), as these might lead to deadlocks during the addition of objects.

Hope this helps. I will start reading more on this topic and comment on this as I find something relevant.

Dolf

> Implement the LDAP
> ------------------
>
>          Key: JS2-188
>          URL: http://issues.apache.org/jira/browse/JS2-188
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Reporter: J, Edgar Zavala
>  Attachments: jetspeed-2-ldap-authentication.tar.gz
>
> Implement the LDAP integration using the SPI, provide the LDAP authentication
> option.
> TODO:
> 1.- Complete the current implementation and complete the David work in:
>     a) org.apache.jetspeed.security.spi.impl.LdapCredentialHandler
>     b) org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler
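
The bind-based password check recommended in the comment above, as an added JNDI example that is not Jetspeed code and not part of the original message. The class name, server URL, base DN and attribute name are assumptions made up for illustration, and it assumes user entries sit directly under one configurable base; a directory with a deeper tree would need a search for the entry first.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindCheck {
    // All three values come from configuration so an existing directory layout can be used.
    private final String url, userBase, idAttr;

    public LdapBindCheck(String url, String userBase, String idAttr) {
        this.url = url; this.userBase = userBase; this.idAttr = idAttr;
    }

    /** Build the user's DN from the configured attribute and base, escaping the login name. */
    String userDn(String uid) {
        return idAttr + "=" + Rdn.escapeValue(uid) + "," + userBase;
    }

    /** True only if the directory accepts a simple bind as this user; the password is never read back. */
    public boolean authenticate(String uid, char[] password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2)
        // that many servers answer with success, so reject it before contacting the server.
        if (uid == null || uid.isEmpty() || password == null || password.length == 0) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // ldaps: a simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(uid));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind happens when the context is created
            return true;
        } catch (AuthenticationException e) {
            return false; // directory refused the credentials
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample configuration; host and tree are placeholders.
        LdapBindCheck c = new LdapBindCheck(
                "ldaps://ldap.example.org:636", "ou=people,dc=example,dc=org", "uid");
        System.out.println(c.userDn("smith, j"));                 // DN with the login name escaped
        System.out.println(c.authenticate("jdoe", new char[0])); // empty password, rejected locally
    }
}
```

Connection failures and other directory errors surface as NamingException rather than as a failed login, so the caller can tell "wrong password" apart from "directory unreachable".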