Author: dlestrat
Date: Sat Nov 5 22:07:51 2005
New Revision: 331084
URL: http://svn.apache.org/viewcvs?rev=331084&view=rev
Log:
http://issues.apache.org/jira/browse/JS2-188#action_12356329
Documentation on how to configure and use Jetspeed 2 with LDAP as an
authentication provider.
Added:
portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif
(with props)
portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif
(with props)
Modified:
portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml
Added:
portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif
URL:
http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif?rev=331084&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
portals/jetspeed-2/trunk/components/security/xdocs/images/j2-admin-user-mgt.gif
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif
URL:
http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif?rev=331084&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
portals/jetspeed-2/trunk/components/security/xdocs/images/ldap-client-connection.gif
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml
URL:
http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml?rev=331084&r1=331083&r2=331084&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml (original)
+++ portals/jetspeed-2/trunk/components/security/xdocs/ldap.xml Sat Nov 5
22:07:51 2005
@@ -26,90 +26,138 @@
<section name="LDAP Configuration">
<p>
- Jetspeed 2 provides LDAP support for authentication.
Configuring LDAP authentication can be done by replacing the configuration
files located
- under
-
<i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i>
- by the files located under as indicated
- <i>${jetspeed-source-home}/components/security/etc/</i>
- . below.
- </p>
- <p>
Jetspeed 2 provides an embedded LDAP configuration through the
<a
href="http://directory.apache.org/subprojects/apacheds/index.html">Apache
Directory Server</a>
. A external LDAP directory can also be onfigured in order to
leverage the LDAP security functionality.
</p>
+ <subsection name="Configuring Jetspeed 2 to Use LDAP">
+ <p>
+ The following two files provide assembly configuration for
authenticating with LDAP:
+ <ul>
+ <li><i><a
+
href="http://svn.apache.org/viewcvs.cgi/portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml?view=markup">security-spi-ldap.xml</a>:</i>
Provides
+ the configuration information for LDAP binding. See
configuration details below.</li>
+ <li><i><a
+
href="http://svn.apache.org/viewcvs.cgi/portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap-atn.xml?view=markup">security-spi-ldap-atn.xml</a>:</i>
Provides
+ the SPI configuration for authentication. It replaces the
default implementations of <i>CredentialHandler</i> and
<i>UserSecurityHandler</i>
+ with an LDAP specific implementation.</li>
+ </ul>
+ </p>
+ <p>
+ In order to configure Jetspeed 2 to use LDAP, add
<i>security-spi-ldap.xml</i> and <i>security-spi-ldap-atn.xml</i> to the
Jetspeed 2 application
+ assembly directory and remove the default authentication SPI file
<i>security-spi-atn.xml</i>.
+ In the source, this directory is located at:
+ <pre>${jetspeed-source-home}/src/webapp/WEB-INF/assembly/</pre>
+ If your application is deployed in Tomcat, this directory is
located at:
+ <pre>${tomcat-home}/webapps/jetspeed/WEB-INF/assembly</pre>
+ </p>
+ <p>
+ The <i>security-spi-ldap.xml</i> configuration file requires the
following values to be set:
+ </p>
+ <table>
+ <tr>
+ <th>Property</th>
+ <th>Value</th>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.initialContextFactory</td>
+ <td>
+ The initial context factory used for binding to LDAP. The
LDAP assembly is configured
+ by default with the Sun LDAP context factory:
<i>com.sun.jndi.ldap.LdapCtxFactory</i>.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.ldapServerName</td>
+ <td>
+ The location of the LDAP server to connect to. By default
the LDAP assembly uses
+ <i>localhost</i>.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.ldapServerPort</td>
+ <td>
+ The port of the LDAP server to connect to. By default the
LDAP assembly uses
+ Apache Directory Server default port <i>10389</i>.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.rootDn</td>
+ <td>
+ The user distinguished name used by the application to
connect to the LDAP server.
+ By default the LDAP assembly uses Apache Directory Server
system admin user <i>uid=admin,ou=system</i>.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.rootPassword</td>
+ <td>
+ The password used by the application to connect to the
LDAP server.
+ By default the LDAP assembly uses Apache Directory Server
system admin password <i>secret</i>.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.rootContext</td>
+ <td>
+ The root context for the LDAP directory set up. By
default, Jetspeed 2 uses the same root context
+ as the root context provided in the <a
href="http://docs.safehaus.org/display/APACHEDS/The+Apache+Directory+Tutorial">Apache
Directory Server tutorial</a>:
+ <i>o=sevenSeas</i>.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.defaultDnSuffix</td>
+ <td>
+ Provides the ability to add a suffix to the principal.
This is empty by default.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.ou.users</td>
+ <td>
+ The default organizational unit for users.
+ </td>
+ </tr>
+ <tr>
+ <td>org.apache.jetspeed.ldap.ou.groups</td>
+ <td>
+ The default organizational unit for groups.
+ </td>
+ </tr>
+ </table>
+ </subsection>
+ <subsection name="Starting LDAP">
+ <p>
+ Jetspeed 2 maven plugin provides a easy way to get started with
Apache Directory Server. To start the LDAP
+ server run:
+ <pre>maven j2:start.ldap.server</pre>
+ See <a href="/j2-maven-plugin.html#LDAP_Management_Goals">the J2
maven plugin documentation</a> for more information.
+ </p>
+ </subsection>
+ <subsection name="Connecting to LDAP">
<p>
- <i>security-spi-atn.xml</i>
- should be replaced by
- <i>security-spi-ldap-atn.xml</i>
- and
- <i>security-spi-ldap.xml</i>
- should be copied to the assembly directory as well.
- </p>
- <p>
- The
- <i>security-spi-ldap-atn.xml</i>
- peeforms the same functions as the
- <i>security-spi-atn.xml</i>
- described above. It replaces the default implementation for
- <i>CredentialHandler</i>
- and
- <i>UserSecurityHandler</i>
- with an LDAP specific implementation.
- </p>
- <p>
- <u>The sections below are outdated. Update to come soon...</u>
- </p>
- <p>
- Additionally,
- <i>ldap.properties</i>
- located under
- <i>${jetspeed-source-home}/components/security/etc/</i>
- should be copied under
- <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/conf/</i>
- .
- </p>
- <subsection name="ldap.properties">
- <table>
- <tr>
- <th>Property</th>
- <th>Value</th>
- </tr>
- <tr>
- <td>org.apache.jetspeed.ldap.ldapServerName</td>
- <td>
- The LDAP server name to connect to. E.g.
- <i>localhost</i>
- </td>
- </tr>
- <tr>
- <td>org.apache.jetspeed.ldap.rootDn</td>
- <td>
- The root domain name. E.g.
- <i>cn=Manager,dc=proto,dc=dataline,dc=com</i>
- . In properties files the "=" in the value should
be escaped, i.e.
- <i>cn\=Manager,dc\=proto,dc\=dataline,dc\=com</i>
- </td>
- </tr>
- <tr>
- <td>org.apache.jetspeed.ldap.rootPassword</td>
- <td>The root password.</td>
- </tr>
- <tr>
- <td>org.apache.jetspeed.ldap.rootContext</td>
- <td>
- The root context. E.g.
- <i>dc=proto,dc=dataline,dc=com</i>
- </td>
- </tr>
- <tr>
- <td>org.apache.jetspeed.ldap.defaultDnSuffix</td>
- <td>
- The default suffix. E.g.
- <i>ou=Norfolk,o=Dataline</i>
- </td>
- </tr>
- </table>
+ Many client are available for connecting to LDAP. The Apache
Directory Server provides
+ <a
href="http://docs.safehaus.org/display/APACHEDS/Connecting+to+Apache+Directory+Server">a
nice tutorial</a> on how
+ to connect to Apache DS with different clients.
+ </p>
+ <p>
+ If you decide to use <a
href="http://www.jxplorer.org/">JXplorer</a>, your client connection window
should look
+ as follow:<br/>
+ <div align="center"><img src="images/ldap-client-connection.gif"
border="0"/></div>
+ </p>
+ </subsection>
+ <subsection name="Loading Test User Accounts">
+ <p>
+ Jetspeed 2 provides
+ <a
href="http://svn.apache.org/viewcvs.cgi/portals/jetspeed-2/trunk/etc/apacheds/j2-apacheds.ldif?view=markup">a
sample ldiff file</a>
+ for loading user test data. Import the ldif into your LDAP. In
JXplorer, users can select <i>LDIF -> Import File</i> and choose the
+ file to import.
+ </p>
+ <p>
+ Once the data is imported and all above steps have been performed,
start or restart your application server.
+ You can now login to Jetspeed with the accounts available in LDAP.
For instance <i>admin/admin</i>.
+ </p>
+ <p>
+ The LDAP configuration also fully integrates with Jetspeed
<i>UserManager</i>, and therefore admin functionality
+ such as the user management section, retrieve user from LDAP as
well as shown below:<br/>
+ <div align="center"><img src="images/j2-admin-user-mgt.gif"
border="0"/></div>
+ </p>
</subsection>
</section>
</body>
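Review bot: In the new property table, the rows for org.apache.jetspeed.ldap.rootDn and org.apache.jetspeed.ldap.rootPassword document the application binding as the Apache Directory Server system admin (uid=admin,ou=system) with the password "secret", and nothing says these are defaults for the embedded test server that must be changed. Suggest adding a sentence to those rows telling readers to bind with a dedicated account that has only the access Jetspeed needs, and to replace the default password before pointing at an external directory; the same applies to the admin/admin test account mentioned under "Loading Test User Accounts". The table also lists no property for transport security, so the page should state whether the bind to ldapServerName/ldapServerPort can be protected with SSL/TLS. Smaller points: the assembly path drops the "portal/" segment that the removed text had (${jetspeed-source-home}/src/webapp/WEB-INF/assembly/), please confirm that is intended; the ou.users and ou.groups rows give no default or example value, unlike the other rows; and there are typos in the added lines ("a easy way", "Many client are available", "as follow", "ldiff file") plus "onfigured" in the unchanged context line.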