[ http://issues.apache.org/jira/browse/JS2-491?page=comments#action_12435035 ]

Vitaly Baranovsky commented on JS2-491:
---------------------------------------

2 Eduardo Millan:
Yes!!! We are very interested in an implementation of J2 LDAP Security working against Lotus Domino!! Can you share your sources?
Thanks!

> Enhance J2 LDAP Security Documentation
> --------------------------------------
>
>                 Key: JS2-491
>                 URL: http://issues.apache.org/jira/browse/JS2-491
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.1-dev
>            Reporter: David Le Strat
>             Fix For: 2.1-dev
>
>
> From Davy De Waele email to the list:
> Judging from the recent activity on the mailing list I noticed some
> interest in using LDAP & Jetspeed.
> Some thoughts come to mind:
> 1. The instructions located at
> http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap.html
> are really only applicable for people who are building jetspeed
> from source.
> Due to the fact that the security-spi-ldap*.xml files shown there are
> coming from SVN (interface changes, additional objects in the
> configuration files that are not in the 2.0 binary release), users who
> have installed jetspeed2 via the installer attempting to follow these
> instructions will run into configuration issues.
> What would be the best way to address this?
> I think we should make a difference between users who are familiar with
> Maven, SVN, compiling/building/deploying, and users who just want to
> get the thing up & running using the installer.
> Shouldn't we put this information into perspective by:
> a) Clearly indicating that this is only intended for people building
> from source
> b) Provide an additional manual on what needs to be done starting from
> a binary release (2.0 version)
>
> The user would have to
> * copy the security-spi-ldap*.xml files (we provide
> downloadable spring XML files acting as examples)
> * remove their default security-spi-atn.xml
> * restart tomcat
> * prepare their LDAP server
> As far as LDAP support goes, we should provide instructions on how
> existing LDAP servers can be used with jetspeed.
> (We can also provide
> downloadable schema files & LDIF sample data for all major vendors +
> documentation)
> I could provide such manuals for OpenLDAP, SunDS and ApacheDS.
> 2. The major problem that users will be facing today is that encrypted
> passwords are not supported in the jetspeed2.0 release. Given that this
> functionality has been committed to the codebase, how do you feel
> towards providing a downloadable JAR file to users that would act as a
> replacement for their current jetspeed-security-2.0.jar (doesn't have
> to be anything official, could be included as a link in the
> documentation)?
> The user would have to
> * replace his jetspeed-security-2.0.jar
> * restart tomcat
> The user would have support for encrypted passwords and group/role
> membership via LDAP.
> 3. OpenLDAP schema file
> I had to add groupOfUniqueNames as a parent to the jetspeed-2-group and
> jetspeed-2-role objectClasses in order for the group/role assignment to
> work in OpenLDAP.
> ApacheDS doesn't really care when objects are created in the LDAP tree
> containing attributes that aren't defined in the LDAP schema. OpenLDAP
> does :) I've attached the new jetspeed.schema file.
