Authorization should now work with LDAP. Most handlers and unit tests have been implemented for LDAP security. The unit tests are available at:
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/spi/ldap/ To activate this with Jetspeed, you will need to modify the XML SPI config files to leverage the correct implementations. That's where I stopped, there may be some tweaks required to get this to work with the webapp. Regards, David Le Strat ________________________David Le Strat Blogging @ http://dlsthoughts.blogspot.com ----- Original Message ---- From: David Sean Taylor <[EMAIL PROTECTED]> To: Jetspeed Developers List <[email protected]> Sent: Thursday, June 8, 2006 5:38:37 PM Subject: Re: Jetspeed 2 with LDAP Aaron Evans wrote: > AFAIK, the default implementation only implements the Authentication > SPI components (UserSecurityHandler, CredentialHandler), *not* the > Authorization SPI components (RoleSecurityHandler, > GroupSecurityHandler, SecurityMappingHandler). This is of course > unless someone has implemented them since. Take a look at Mike Long's contributions. He wrote an LDAP DAO layer as well as an LdapRoleSecurityHandler and LdapGroupSecurityHandler I have not tested it out, not sure if its ready > > So when you use it in that capacity, your usernames and passwords > would be stored in LDAP, but the role and group associations would be > stored in jetspeeds database. > > I have implemented all of the ATN and ATZ SPI components to connect to > my OpenLDAP custom schema. It is not that difficult if you follow > the default components as an example. > > Unfortunately, in order to get these components built quickly, I used > my own proprietary data access layer API instead of spring DAO. Mike's implementation is all configured with Spring > > I would very much like to learn spring DAO at some point and retro-fit > these to use spring DAO and then donate the code but unfortunatley my > company is the eternal whip cracker and I have no time to do this > right now. That and my wife and I are preparing for a baby. Hey, > maybe during my pat leave! Now there's an idea! > > Also, i was thinking that I might try my hand at authoring a "Guide to > implementing custom ATN/ATZ components". It really isn't that > difficult if you follow the default implementations as a guide, but I > think a document around this would reassure people... > Finding the time to write documentation is the difficult part. Documentation is always welcome, and now you have perfect opportunity ;) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
