Davy,

See comments below.

--- Davy De Waele <[EMAIL PROTECTED]> wrote:

> David,
>
> Judging from the recent activity on the mailing list I noticed some
> interest in using LDAP & Jetspeed
>
> Some thoughts come to mind:
>
> 1. The instructions located at
> http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap.html
> are really only applicable for people who are building jetspeed
> from source.
> Due to the fact that the security-spi-ldap*.xml files shown there are
> coming from SVN (interface changes, additional objects in the
> configuration files that are not in the 2.0 binary release), users who
> have installed jetspeed2 via the installer attempting to follow these
> instructions will run into configuration issues.
>
> What would be the best way to address this?
>
> I think we should make a difference between users who are familiar with
> Maven, SVN, compiling/building/deploying, and users who just want to get
> the thing up & running using the installer.
>
> Shouldn't we put this information into perspective by:
>
> a) Clearly indicating that this is only intended for people building
> from source
> b) Provide an additional manual on what needs to be done starting from a
> binary release (2.0 version)
>
> The user would have to
> * copy the security-spi-ldap*.xml files (we provide
>   downloadable spring XML files acting as examples)
> * remove their default security-spi-atn.xml
> * restart tomcat
> * preparing their LDAP server
>
> As far as LDAP support goes, we should provide instructions on how
> existing LDAP servers can be used with jetspeed. We can also provide
> downloadable schema files & LDIF sample data for all major vendors +
> documentation)
>
> I could provide such manuals for OpenLDAP, SunDS and ApacheDS.

Completely agree with you there. I won't have much time to get to this this week but if you want to take the initiative, I will be happy to apply your patch.

> 2. The major problem that users will be facing today is that encrypted
> passwords are not supported in the jetspeed2.0 release. Given that this
> functionality has been committed to the codebase, how do you feel
> towards providing a downloadable JAR file to users that would act as a
> replacement for their current jetspeed-security-2.0.jar - doesn't have
> to be anything official, could be included as a link in the
> documentation)
>
> The user would have to
> * replace his jetspeed-security-2.0.jar
> * restart tomcat
>
> The user would have support for encrypted passwords and group/role
> membership via LDAP.

That's one way to do it. Roger had requested that we merge the latest security changes with the 2.0.1 branch. That would be another option. I am not sure what the timeline for 2.0.1 is.

> 3. OpenLDAP schema file
>
> I had to add groupOfUniqueNames as a parent to the jetspeed-2-group and
> jetspeed-2-role objectClasses in order for the group/role assignment to
> work in OpenLDAP.
> ApacheDS doesn't really care when objects are created in the LDAP tree
> containing attributes that aren't defined in the LDAP schema. OpenLDAP
> does :) I've attached the new jetspeed.schema file.

Got it, I will commit the new schema file.

________________________
David Le Strat
Blogging @ http://dlsthoughts.blogspot.com
