AFAIK, the default implementation only implements the Authentication SPI components (UserSecurityHandler, CredentialHandler), *not* the Authorization SPI components (RoleSecurityHandler, GroupSecurityHandler, SecurityMappingHandler). This is of course unless someone has implemented them since.
So when you use it in that capacity, your usernames and passwords would be stored in LDAP, but the role and group associations would be stored in Jetspeed's database.

I have implemented all of the ATN and ATZ SPI components to connect to my OpenLDAP custom schema. It is not that difficult if you follow the default components as an example. Unfortunately, in order to get these components built quickly, I used my own proprietary data access layer API instead of Spring DAO. I would very much like to learn Spring DAO at some point and retrofit these to use Spring DAO and then donate the code, but unfortunately my company is the eternal whip cracker and I have no time to do this right now. That and my wife and I are preparing for a baby. Hey, maybe during my pat leave! Now there's an idea!

Also, I was thinking that I might try my hand at authoring a "Guide to implementing custom ATN/ATZ components". It really isn't that difficult if you follow the default implementations as a guide, but I think a document around this would reassure people...

On 6/8/06, David Sean Taylor <[EMAIL PROTECTED]> wrote:
Brice Lambi wrote:
> What do I need to do to populate the roles, groups and permissions? The
> sample ldif file in the ldap doc only adds one admin user. I've tried
> cloning what is in the default jetspeed install by making an admin, user and
> manager role. This didn't seem to work for me. There are a couple of docs
> that give tutorials on how to set up the Apache DS, but it looks like that
> server has been down for some time.
>
> How does the role name need to be configured? In the jetspeed.schema file
> distributed with the source, a jetspeed-role requires a uid. Is the uid the
> name of the role? I would be happy to document this process once I get this
> all figured out.
>
> Thanks,
> Brice
>

I haven't tried integrating roles into LDAP.
The example we provide only populates the one user, and then allows you to log in over LDAP.
I'm sure you can populate the roles and groups as well, I've just never tried it.
I would follow the same pattern as for users, where the uid is set to the username, do the same for roles.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
