Author: taylor
Date: Mon Oct 29 21:52:16 2007
New Revision: 589958

URL: http://svn.apache.org/viewvc?rev=589958&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-797

Added:
    portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/root.ldif
    portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/server.xml
Modified:
    portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/etc/security-spi-ldap.xml
    portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/xdocs/ldap.xml
    portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/jetspeed-apacheds.ldif

Modified: 
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/etc/security-spi-ldap.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/etc/security-spi-ldap.xml?rev=589958&r1=589957&r2=589958&view=diff
==============================================================================
--- 
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/etc/security-spi-ldap.xml
 (original)
+++ 
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/etc/security-spi-ldap.xml
 Mon Oct 29 21:52:16 2007
@@ -56,11 +56,11 @@
       <!-- The defaultSearchBase. -->
       <constructor-arg index="15"><value>o=sevenSeas</value></constructor-arg>
       <!-- The roleFilterBase. -->
-      <constructor-arg 
index="16"><value>ou=Roles,ou=OrgUnit1</value></constructor-arg>
+      <constructor-arg 
index="16"><value>ou=Roles,ou=rootOrg</value></constructor-arg>
       <!-- The groupFilterBase. -->
-      <constructor-arg 
index="17"><value>ou=Groups,ou=OrgUnit1</value></constructor-arg>
+      <constructor-arg 
index="17"><value>ou=Groups,ou=rootOrg</value></constructor-arg>
       <!-- The userFilterBase. -->
-      <constructor-arg 
index="18"><value>ou=People,ou=OrgUnit1</value></constructor-arg>
+      <constructor-arg 
index="18"><value>ou=People,ou=rootOrg</value></constructor-arg>
       <!-- The roleObjectClasses. -->
       <constructor-arg 
index="19"><value>top,groupOfUniqueNames,jetspeed-2-role</value></constructor-arg>
       <!-- The groupObjectClasses. -->
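Review bot: The role, group and user filter bases at constructor-arg indexes 16 to 18 now point at ou=rootOrg, so a directory that was populated under ou=OrgUnit1 with the previous defaults will no longer be searched and logins against it will stop resolving. The log message is only the JIRA link; suggest stating the rename there and adding an upgrade note telling existing installs to either keep the old values or re-import the LDIF.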

Modified: 
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/xdocs/ldap.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/xdocs/ldap.xml?rev=589958&r1=589957&r2=589958&view=diff
==============================================================================
--- 
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/xdocs/ldap.xml 
(original)
+++ 
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/xdocs/ldap.xml 
Mon Oct 29 21:52:16 2007
@@ -36,9 +36,11 @@
       <li><a 
href='http://www.sun.com/software/products/directory_srvr_ee/dir_srvr/index.xml'>Sun
 DS</a></li>
       </ul>
       <p>This getting started section only covers getting started with Apache 
DS</p>
-      <subsection name='Apache DS'>
+      <subsection name='Apache DS 1.0.2'>
          <p>The first step to getting started with Apache DS is to download 
and install it. Once it is up and running, you will need to add the Jetspeed 
LDAP schema
-         to the Apache DS server configuration. The general instructions for 
adding a custom schema are documented here:
+         to the Apache DS server configuration. The general instructions for 
adding a custom schema are documented here for version ApacheDS 1.0.2. 
+         However, as of 2.1.3, the pre Jetspeed build only works with version 
0.9.3. As of Jetspeed 2.1.3, we recommend using the guidelines 
+         described here for version 1.0.2 instead of the Jetspeed build, as we 
will be deprecated all 0.9.3 support with version 2.2 of Jetspeed.
          </p>
          <p><a 
href='http://directory.apache.org/apacheds/1.0/custom-schema.html'>http://directory.apache.org/apacheds/1.0/custom-schema.html</a></p>
          <p>
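Review bot: The sentences added to the "Apache DS 1.0.2" subsection are hard to follow: "the pre Jetspeed build only works with version 0.9.3" does not say which build is meant, and "we will be deprecated all 0.9.3 support" is ungrammatical. Suggest something like "The Jetspeed build currently only works with ApacheDS 0.9.3. As of Jetspeed 2.1.3 we recommend following the 1.0.2 guidelines described here instead, as 0.9.3 support will be deprecated in Jetspeed 2.2."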
@@ -54,22 +56,124 @@
         <bean 
class="org.apache.directory.server.core.schema.bootstrap.AutofsSchema"/>
         <bean 
class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
        ...
-       <bean class="org.apache.jetspeed.security.ldap.JetspeedSchema"/>
+    <bean class="org.apache.jetspeed.security.ldap.JetspeedSchema"/>           
       </set>
 </property>
 ]]></source>
+    <p>For version Apache LDAP 0.9.3 (which I have never tried), use the 
same:</p>
+<source><![CDATA[      
+       <bean class="org.apache.jetspeed.security.ldap.JetspeedSchema"/>
+]]></source>    
 <p>
 We simply added the Jetspeed schema definition at the end of the list of bean 
definitions. 
-The bean references a class named 
<i>org.apache.jetspeed.security.ldap.JetspeedSchema</i>. This class is included 
in a JAR file that Jetspeed provides for you.
-The JAR contains the Java-implementation of the Jetspeed schema for LDAP. You 
will need to download the jar file and drop it into the <i>/lib</i> directory 
in the Apache DS distribution.
-Download the Jetspeed 2.1.2 LDAP schema JAR file from here:
+The bean references a class named 
<i>org.apache.jetspeed.security.ldap.JetspeedSchema</i>. This class is included 
in a JAR file that Jetspeed provides for you, see below.
+</p>
+<p>Next, we need to create a new domain for the jetspeed schema named 
<b>sevenSeas</b>. The following steps will create the sevenSeas domain in 
Apache DS.
+<p>To add a partition with the suffix <b>"o=sevenSeas"</b> and the id 
<b>"sevenSeasPartitionConfiguration"</b>, editthe conf/server.xml file in 
Apache DS. 
+Open it in your favorite editor and look for the following element with name 
contextPartitionConfigurations. Add a second ref element for the sevenSeas 
partition:</p>
+</p>
+<source><![CDATA[
+<property name="contextPartitionConfigurations">
+  <set>
+    <ref bean="examplePartitionConfiguration"/>
+    <ref bean="sevenSeasPartitionConfiguration"/>
+  </set>
+</property>
+]]></source>
+<p>Next, create the actual partition for Seven Seas by pasting this code in 
after the examplePartitionConfiguration (you can also remove the example 
partition and ref if you like):</p>
+<source><![CDATA[
+<bean id="sevenSeasPartitionConfiguration" 
class="org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration">
    
+
+    <!-- the optimizer is enabled by default but may not always be what     -->
+    <!-- you want if your queries are really simple                         -->
+    <!--<property name="optimizerEnabled" value="true" />-->
+       
+       <property name="name" value="The seven seas" />
+       <property name="cacheSize" value="100" />
+       <property name="suffix" value="o=sevenSeas" />
+       <property name="optimizerEnabled" value="true" />
+       <property name="synchOnWrite" value="true" />
+
+
+    <!--
+      Synchronization on writes does not wait for synch operations
+      to flush dirty pages.  Writes persist immediately to disk at 
+      a cost to performance with increased data integrity.  Otherwise
+      the periodic synch operation will flush dirty pages using the
+      synchPeriodMillis parameter in the main configuration.
+    -->
+    
+    <property name="indexedAttributes">
+      <set>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="dc" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="ou" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="krb5PrincipalName" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="uid" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="objectClass" />
+          <property name="cacheSize" value="100" />
+        </bean>
+      </set>
+    </property>
+    <property name="contextEntry">
+      <value>
+        objectClass: top
+        objectClass: domain
+        objectClass: extensibleObject
+               o: sevenSeas
+      </value>
+    </property>
+  </bean>
+</bean>
+]]></source>
+<p>Note that the important areas that you may need to change if you need to 
customize your partition are the name of the partition:</p>
+<source><![CDATA[
+<bean id="sevenSeasPartitionConfiguration"
+]]></source>
+<p>The suffix:</p>
+<source><![CDATA[
+<property name="suffix" value="o=sevenSeas" />
+]]></source>
+<p>The last property remaining now is the context entry. 
+   The object classes top and extensibleObject are universal hence they 
remain. 
+   But the object class domain is replaced by the object class organization, 
because our partition should not represent a domain but an organization:</p>
+<source><![CDATA[
+<property name="contextEntry">
++  <value>
++      objectClass: top
++      objectClass: organization
++      objectClass: extensibleObject
++      o: sevenSeas
++  </value>
++</property>
+]]></source>
+<p>
+After saving the server.xml, you will need to download the jar file and drop 
it into the <i>/lib</i> directory in the Apache DS distribution. 
+The JAR contains the Java-implementation of the Jetspeed schema for LDAP.
+For ApacheDS version 1.0.2, download the Jetspeed LDAP schema JAR file from 
here:
+</p>
+<p><a 
href='http://people.apache.org/~taylor/LDAP/jetspeed-security-schema-2.1.3.jar'>Apache
 DS 1.0.2 - Jetspeed Schema Files</a></p>
+<p>
+For ApacheDS version 0.9.3, download the Jetspeed LDAP schema JAR file from 
here:
 </p>  
-<p><a 
href='http://people.apache.org/~taylor/LDAP/jetspeed-security-schema-2.1.3-dev.jar'>http://people.apache.org/~taylor/LDAP/jetspeed-security-schema-2.1.3-dev.jar</a></p>
+<p><a 
href='http://people.apache.org/~taylor/LDAP/jetspeed-security-schema-2.1.3-0.9.3.jar'>Apache
 DS 0.9.3 - Jetspeed Schema Files</a></p>
 <p>After dropping in the jar file, restart the server. Apache DS should now be 
ready to support Jetspeed schemas.
 When the server starts up, make sure that there are no error messages printing 
out on the console related to this configuration</p>
          </subsection>
          <subsection name='Jetspeed Configuration'>
-         <p>So, how do you tie Jetspeed into ApacheDS, now that ApacheDS has 
the required schema?  There are two major steps.  </p>
+         <p>So, how do you tie Jetspeed into ApacheDS, now that ApacheDS has 
the required schema?  There are two steps.</p>
          <p>First, you need to modify the Spring configuration file for LDAP 
security in Jetspeed.</p> 
          <p>Second, you need to set up a working administrator account in the 
LDAP directory, so that you'll be able to log into Jetspeed.</p>
          <p>
@@ -78,7 +182,7 @@
       (If 2.1.3 has not been release by the time you read this, you'll have to 
obtain the current LDAP implementation code from here:
       </p>
          <p><a 
href='http://people.apache.org/~taylor/LDAP/jetspeed-security-2.1.3-dev.jar'>http://people.apache.org/~taylor/LDAP/jetspeed-security-2.1.3-dev.jar</a></p>
-         <p>For the first step,you will need to download three Spring 
configuration files. When Jetspeed is deployed to Tomcat, 
+         <p>For the first step, you will need to download three Spring 
configuration files. When Jetspeed is deployed to Tomcat, 
          it should be placed under <i>WEB-INF/assembly/override/</i> 
directory. Download from here:
          </p>
          <p><a 
href='http://people.apache.org/~taylor/LDAP/security-spi-ldap.xml'>http://people.apache.org/~taylor/LDAP/security-spi-ldap.xml</a></p>
@@ -87,8 +191,8 @@
          <p>The <i>security-spi-ldap.xml</i> file will need to be modified. 
The other two do not need to be modified.</p>
          <p>One last step is to remove two files from the 
<i>WEB-INF/assembly</i> directory:</p>
          <table>
-         <tr><td>cp security-spi-atn.xml alternate/</td></tr>
-         <tr><td>cp security-spi-atz.xml alternate/</td></tr>
+         <tr><td>mv security-spi-atn.xml alternate/</td></tr>
+         <tr><td>mv security-spi-atz.xml alternate/</td></tr>
          </table>        
          </subsection>
          <subsection name='Configuring security-spi-ldap.xml'>
@@ -104,7 +208,7 @@
       <!-- The LDAP initial context factory. -->
       <constructor-arg 
index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
       <!-- The LDAP server name. -->
-      <constructor-arg 
index="1"><value>svn.bluesunrise.com</value></constructor-arg>
+      <constructor-arg index="1"><value>localhost</value></constructor-arg>
       <!-- The LDAP server port. -->
       <constructor-arg index="2"><value>10389</value></constructor-arg>
       <!-- The LDAP server root context. -->
@@ -134,11 +238,11 @@
       <!-- The defaultSearchBase. -->
       <constructor-arg index="15"><value>o=sevenSeas</value></constructor-arg>
       <!-- The roleFilterBase. -->
-      <constructor-arg 
index="16"><value>ou=Roles,ou=OrgUnit1</value></constructor-arg>
+      <constructor-arg 
index="16"><value>ou=Roles,ou=rootOrg</value></constructor-arg>
       <!-- The groupFilterBase. -->
-      <constructor-arg 
index="17"><value>ou=Groups,ou=OrgUnit1</value></constructor-arg>
+      <constructor-arg 
index="17"><value>ou=Groups,ou=rootOrg</value></constructor-arg>
       <!-- The userFilterBase. -->
-      <constructor-arg 
index="18"><value>ou=People,ou=OrgUnit1</value></constructor-arg>
+      <constructor-arg 
index="18"><value>ou=People,ou=rootOrg</value></constructor-arg>
       <!-- The roleObjectClasses. -->
       <constructor-arg 
index="19"><value>top,groupOfUniqueNames,jetspeed-2-role</value></constructor-arg>
       <!-- The groupObjectClasses. -->
@@ -182,7 +286,7 @@
                You will probably need to make changes in the following 
locations in order to make it work with your setup.  
                I've listed them according to the constructor argument it uses 
in the XML file.  
                Possible changes marked with a <b>(!)</b> will require a 
corresponding change to the LDIF file (explained later), 
-               so don't change them unless you understand what you're doing in 
both files.
+               so do not change them unless you understand what you're doing 
in both files.
                </p>
                <table>
                <tr><td>1. The hostname of your LDAP server.  In our case, it 
was "localhost".  
@@ -191,12 +295,12 @@
         <tr><td>3.(!) We set the organization name as "o=sevenSeas", as was 
done in the ApacheDS example. 
             If you want to use a different organization name, you can change 
it to anything of the form "o=yourOrganizationName".</td></tr>
         <tr><td>15.(!) If you changed your organization name in #3, you need 
to make the exact same change here.</td></tr>
-               <tr><td>16.(!) We stored all Jetspeed keys in a group called 
"ou=OrgUnit1".  
+               <tr><td>16.(!) We stored all Jetspeed keys in a group called 
"ou=rootOrg".  
                    You can change the name of it to anything you want, as long 
as it's of the form "ou=yourOrganizationalUnit", 
                    and your changes are reflected in #17, #18, and the LDIF 
file. 
-                    Within the "ou=OrgUnit1" directory, we stored all roles in 
a subdirectory called "ou=Roles".  
+                    Within the "ou=rootOrg" directory, we stored all roles in 
a subdirectory called "ou=Roles".  
                     Chances are you have no need to change that name as 
weell.</td></tr>
-               <tr><td>17.(!) As mentioned in #16, if you change the name of 
"ou=OrgUnit1", you need to change this value accordingly.</td></tr>
+               <tr><td>17.(!) As mentioned in #16, if you change the name of 
"ou=rootOrg", you need to change this value accordingly.</td></tr>
            <tr><td>18.(!) Same as #17.</td></tr>
                </table>
            <p>The other arguments are unlikely to require changes unless the 
LDAP schema itself is changed.
@@ -213,106 +317,133 @@
          For your convenience, you can download this LDIF file from here:
                </p>
          <p><a 
href='http://people.apache.org/~taylor/LDAP/jetspeed-apacheds.ldif'>http://people.apache.org/~taylor/LDAP/jetspeed-apacheds.ldif</a></p>
+         <p> With Apache DS, we could not create the root domain with an LDIF 
import. Instead we had to create a partition as described above.
+          Also take a look at the <a 
href='http://people.apache.org/~taylor/LDAP/root.ldif'>root.ldif</a> file, as 
it contains the root definitions for the sevenSeas organization that you may 
need on different LDAP server.
+          </p>
          <p>
          We recommend using <a href='http://directory.apache.org/studio/'>LDAP 
Studio</a> to import the Jetspeed LDIF file into the Apache DS server via 
File->Import
          </p>          
 <source><![CDATA[                      
-dn: o=sevenSeas
-objectClass: domain
-objectClass: extensibleObject
-objectClass: top
-o: sevenSeas
-
-dn: ou=OrgUnit2,o=sevenSeas
-objectClass: organizationalUnit
-objectClass: top
-ou: OrgUnit2
-
-dn: ou=OrgUnit3,o=sevenSeas
+dn: ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
-ou: OrgUnit3
+ou: rootOrg
 
-dn: ou=People,ou=OrgUnit2,o=sevenSeas
+dn: ou=People,ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
 ou: People
 
-dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+dn: ou=Groups,ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
 ou: Groups
 
-dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+dn: ou=Roles,ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
 ou: Roles
 
-dn: ou=People,ou=OrgUnit3,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-group
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: People
+cn: accounting
+j2-classname: accounting
+uid: accounting
+uniquemember: user,local,sublocal
 
-dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=engineering,ou=Groups,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-group
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Groups
+cn: engineering
+j2-classname: engineering
+uid: engineering
+uniquemember: user
 
-dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=marketing,ou=Groups,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-group
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Roles
+cn: marketing
+j2-classname: marketing
+uid: marketing
+uniquemember: user
 
-dn: ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=admin,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: OrgUnit1
+cn: admin
+j2-classname: admin
+uid: admin
+uniquemember: admin
 
-dn: ou=People,ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=manager,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: People
+cn: manager
+j2-classname: manager
+uid: manager
+uniquemember: admin,jetspeed,manager
 
-dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=user,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Groups
+cn: user
+j2-classname: user
+uid: user
+uniquemember: user,admin,manager,local
 
-dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=guest,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Roles
+cn: guest
+j2-classname: guest
+uid: guest
+uniquemember: guest
 
-dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-group
+dn: cn=subsite,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
 objectClass: groupOfUniqueNames
 objectClass: top
-cn: admin
-j2-classname: admin
-uid: admin
-uniquemember: admin
-uniquemember: joe
+cn: subsite
+j2-classname: subsite
+uid: subsite
+uniquemember: subsite
 
-dn: cn=user,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-group
+dn: cn=subsite2,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
 objectClass: groupOfUniqueNames
 objectClass: top
-cn: user
-j2-classname: user
-uid: user
-uniquemember: user
-uniquemember: joe
+cn: subsite2
+j2-classname: subsite2
+uid: subsite2
+uniquemember: subsite
 
-dn: cn=user,ou=Roles,ou=OrgUnit1,o=sevenSeas
+dn: cn=dev,ou=Roles,ou=rootOrg,o=sevenSeas
 objectClass: jetspeed-2-role
 objectClass: groupOfUniqueNames
 objectClass: top
-cn: user
-j2-classname: user
-uid: user
-uniquemember: user
+cn: dev
+j2-classname: dev
+uid: dev
+uniquemember: dev
 
-dn: cn=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+dn: cn=devmgr,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
+objectClass: top
+cn: devmgr
+j2-classname: devmgr
+uid: devmgr
+uniquemember: devmgr
+
+dn: cn=admin,ou=People,ou=rootOrg,o=sevenSeas
 objectClass: organizationalPerson
 objectClass: person
 objectClass: jetspeed-2-user
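Review bot: The new group and role entries put several members into one uniquemember value, for example "uniquemember: user,local,sublocal" on cn=accounting and "uniquemember: user,admin,manager,local" on cn=user, whereas the entries removed by this hunk listed one member per attribute line ("uniquemember: admin" followed by "uniquemember: joe"). LDIF reads the comma-separated form as a single value, so unless the Jetspeed code splits it, lookups for the individual names will not match. Suggest one uniquemember line per member, or a sentence in the docs saying the comma list is intentional.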
@@ -327,60 +458,156 @@
 uid: admin
 userpassword:: c2VjcmV0
 
-dn: cn=joe,ou=People,ou=OrgUnit1,o=sevenSeas
+dn: cn=manager,ou=People,ou=rootOrg,o=sevenSeas
 objectClass: organizationalPerson
 objectClass: person
 objectClass: jetspeed-2-user
 objectClass: inetOrgPerson
 objectClass: top
-cn: joe
-j2-role: cn=admin,ou=Roles,o=sevenSeas
-sn: joe
-uid: joe
-userpassword:: am9l
+cn: manager
+givenname: Manager
+j2-role: manager
+j2-role: user
+sn: manager
+uid: manager
+userpassword:: c2VjcmV0
 
-dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-role
-objectClass: groupOfUniqueNames
+dn: cn=user,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
 objectClass: top
-cn: admin
-j2-classname: admin
-uid: admin
-uniquemember: admin
+cn: user
+givenname: User
+j2-role: user
+sn: user
+uid: user
+userpassword:: c2VjcmV0
 
-dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-group
-objectClass: groupOfUniqueNames
+dn: cn=local,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
 objectClass: top
-cn: manager
-j2-classname: manager
-uid: manager
-uniquemember: admin
+cn: local
+givenname: Local
+j2-role: user
+sn: local
+uid: local
+userpassword:: c2VjcmV0
 
-dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-role
-objectClass: groupOfUniqueNames
+dn: cn=sublocal,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
 objectClass: top
-cn: manager
-j2-classname: manager
-uid: manager
-uniquemember: admin
+cn: sublocal
+givenname: sublocal
+j2-role: user
+sn: sublocal
+uid: sublocal
+userpassword:: c2VjcmV0
+
+dn: cn=tomcat,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: tomcat
+givenname: tomcat
+sn: tomcat
+uid: tomcat
+userpassword:: c2VjcmV0
+
+dn: cn=jetspeed,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: jetspeed
+givenname: jetspeed
+j2-role: manager
+sn: jetspeed
+uid: jetspeed
+userpassword:: c2VjcmV0
+
+dn: cn=guest,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: guest
+givenname: guest
+sn: guest
+uid: guest
+userpassword:: c2VjcmV0
+
+dn: cn=subsite,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: subsite
+givenname: subsite
+j2-role: subsite
+j2-role: subsite2
+j2-role: user
+sn: subsite
+uid: subsite
+userpassword:: c2VjcmV0
+
+dn: cn=subsite2,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: subsite2
+givenname: subsite2
+j2-role: subsite
+j2-role: subsite2
+j2-role: user
+sn: subsite2
+uid: subsite2
+userpassword:: c2VjcmV0
+
+dn: cn=devmgr,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: devmgr
+givenname: devmgr
+j2-role: devmgr
+j2-role: dev
+j2-role: user
+sn: devmgr
+uid: devmgr
+userpassword:: c2VjcmV0
 ]]></source>   
 <p>
 So what exactly does it produce, from a Jetspeed perspective?
 </p>
 <table>
-<tr><td>* Three roles, "cn=admin", "cn=manager", and "cn=user", all of which 
are required for normal operation of Jetspeed.</td></tr>
-<tr><td>* Three groups, each corresponding to one of the aforementioned roles. 
 They are not strictly required for normal operation of Jetspeed, but they show 
how groups are declared.
-  Nobody is assigned to any of these groups.</td></tr>
-<tr><td>* An administrator user, with name "admin" and password "secret".  
- This user has both the "admin" and "manager" roles, so it has full access to 
Jetspeed's administrative portlets.</td></tr>
-<tr><td>* A normal user, with name "joe" and password "joe".  This account has 
the normal "user" role.</td></tr>
+<tr><td>* All the same roles, users, and groups that come with Jetspeed out of 
the box on a relational database, required for normal operation of 
Jetspeed.</td></tr>
+<tr><td>* Three groups (accounting, engineering, marketing) are created.  They 
are not strictly required for normal operation of Jetspeed, but they show how 
groups are declared.</td></tr>
+<tr><td>* Eight roles (guest, admin, devmgr, jetspeed, local, manager, 
sublocal, subsite, subsite2, tomcat, user) are created, the same set of roles 
found in the demo distribution of Jetspeed 2.1.3</td></tr>
+<tr><td>* The administrative user has the name <b>admin</b>.
+ This user has both the "admin" and "manager" roles, so it has full access to 
all administrative portlets.</td></tr>
+<tr><td>* All users are created with the password <b>secret</b>.</td></tr>
 </table>
 <p><b>WARNING:</b> If you modified any of the arguments from 
security-spi-ldap.xml that had a (!) next to their explanations, the above LDIF 
file will not work.  
 It will import into your LDAP server just fine, but Jetspeed will be unable to 
use it. 
  Here's a list of the changes you'll need to make to the LDIF file, according 
to which argument you modified 
- (if you didn't change it in the XML file, you don't need to change it in the 
LDIF file):
+ (if you didn't change it in the XML file, you do not need to change it in the 
LDIF file):
 </p>
 <table>
 <tr><td>3. If you changed your organization name (the default was 
"o=sevenSeas"), you need to change it every single time it appears in the LDIF 
file. 
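Review bot: Every user entry in the sample LDIF, cn=admin included, is created with the same value "userpassword:: c2VjcmV0", which the summary table states is the password "secret", and the text shown here does not tell the reader to change these passwords after import; add that instruction next to the "All users are created with the password" row. The row "Eight roles (guest, admin, devmgr, jetspeed, local, manager, sublocal, subsite, subsite2, tomcat, user)" lists eleven names and they match the user entries under ou=People; the roles the LDIF in this patch defines under ou=Roles are admin, manager, user, guest, subsite, subsite2, dev and devmgr.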
@@ -388,7 +615,7 @@
  "o=sevenSeas" are left over (i.e. if you miss one or two), then the LDAP 
server will reject the LDIF file as malformed.
 </td></tr>
 <tr><td>15. Same as #3.</td></tr>
-<tr><td>16. If you changed your organization unit (the default was 
"ou=OrgUnit1"), you need to change it every single time it appears in the LDIF 
file.
+<tr><td>16. If you changed your organization unit (the default was 
"ou=rootOrg"), you need to change it every single time it appears in the LDIF 
file.
   You can use the same "find/replace" trick as with #3.  As with #3, a mistake 
here will result in a malformed LDIF file.</td></tr>
 <tr><td>17. Same as #16.</td></tr>
 <tr><td>18. Same as #16.</td></tr>
@@ -473,13 +700,13 @@
             <td>15</td><td>defaultSearchBase</td><td></td>
           </tr>
           <tr>
-            <td>16</td><td>roleFilterBase</td><td>ou=Roles,ou=OrgUnit1</td>
+            <td>16</td><td>roleFilterBase</td><td>ou=Roles,ou=rootOrg</td>
           </tr>
           <tr>
-            <td>17</td><td>groupFilterBase</td><td>ou=Groups,ou=OrgUnit1</td>
+            <td>17</td><td>groupFilterBase</td><td>ou=Groups,ou=rootOrg</td>
           </tr>
           <tr>
-            <td>18</td><td>userFilterBase</td><td>ou=People,ou=OrgUnit1</td>
+            <td>18</td><td>userFilterBase</td><td>ou=People,ou=rootOrg</td>
           </tr>
           <tr>
             
<td>19</td><td>roleObjectClasses</td><td>top,groupOfUniqueNames</td>
@@ -806,7 +1033,7 @@
         </p>
         <p>
           In the screenshot below, we have a Role object defined by<br/>
-          <b>cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas</b>
+          <b>cn=Role3,ou=Roles,ou=rootOrg,o=sevenSeas</b>
          </p>
          <p>The role contains a member attribute, listing all users belonging 
to that role.</p>
          <p align="center">
@@ -824,7 +1051,7 @@
          <br/>
          <p>
            When this attribute is set, Jetspeed will determine the roles for a 
particular user by performing the following query:
-          
<source><![CDATA[(&(member=cn=user1,ou=people,ou=orgunit1,o=sevenSeas)(objectclass=groupOfNames))]]></source>
+          
<source><![CDATA[(&(member=cn=user1,ou=people,ou=rootOrg,o=sevenSeas)(objectclass=groupOfNames))]]></source>
         </p>
          <p>
            This search filter will return any number of Roles in the directory.
@@ -858,7 +1085,7 @@
          </p>
          <p>
            As you can see, the user belongs to a role defined by<br/>
-           <b>cn=role1,ou=Roles,OrgUnit1,o=sevenSeas</b>.
+           <b>cn=role1,ou=Roles,rootOrg,o=sevenSeas</b>.
          </p>
          <p>In order to resolve role membership, Jetspeed will search the 
directory for roles by using the following filter:
           <source><![CDATA[
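Review bot: The role DN on the changed line, "cn=role1,ou=Roles,rootOrg,o=sevenSeas", is missing the attribute type on its third component and should read "ou=rootOrg" like the other DNs in this file. The old line had the same omission with OrgUnit1, so it is worth fixing while the line is being touched.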
@@ -1052,14 +1279,14 @@
         <p>Jetspeed allows you to define the search base that will be applied 
to queries for roles, groups and users.</p>
         <p>Roles, groups and user are typically stored in well-defined 
containers within the LDAP structure.</p>
         <ul>
-          <li>Roles can be stored in ou=Roles,ou=OrgUnit1</li>
-          <li>Groups can be stored in ou=Groups,ou=OrgUnit1</li>
-          <li>Users can be stored in ou=People,ou=OrgUnit1</li>
+          <li>Roles can be stored in ou=Roles,ou=rootOrg</li>
+          <li>Groups can be stored in ou=Groups,ou=rootOrg</li>
+          <li>Users can be stored in ou=People,ou=rootOrg</li>
         </ul>
       
         <p>
           This allows you to have the following structure in your LDAP schema. 
Notice how there are many organizational units within the o=sevenSeas schema.
-          Jetspeed will limit its search scope on the LDAP to the property 
values defined above. This means that only roles, groups and people within 
OrgUnit1 will be used by Jetspeed.
+          Jetspeed will limit its search scope on the LDAP to the property 
values defined above. This means that only roles, groups and people within 
rootOrg will be used by Jetspeed.
         </p>
         <p align="center">
           <img src="images/ldap/ObjectFilterBase.png" border="0"/><br/>
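Review bot: The unchanged sentence "Notice how there are many organizational units within the o=sevenSeas schema" no longer matches the sample LDIF, which after this commit creates only ou=rootOrg (the OrgUnit2 and OrgUnit3 entries are removed). Either reword the paragraph or confirm that images/ldap/ObjectFilterBase.png still illustrates the renamed unit.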
@@ -1074,7 +1301,7 @@
            Using the property value below, Jetspeed will search for roles in 
the ou=Roles,ou=OrgUnit subtree.
           <source><![CDATA[
 <constructor-arg index="16">
-  <value>ou=Roles,ou=OrgUnit1</value>
+  <value>ou=Roles,ou=rootOrg</value>
 </constructor-arg>]]></source>
         </p>
         <p align="center">
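Review bot: The context sentence in this hunk still says Jetspeed will search "the ou=Roles,ou=OrgUnit subtree", while the value on the added line is now ou=Roles,ou=rootOrg. Update the sentence to name ou=Roles,ou=rootOrg so the prose and the sample agree.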
@@ -1087,7 +1314,7 @@
            Using the property value above, Jetspeed will search for groups in 
the ou=Groups,ou=OrgUnit subtree.
           <source><![CDATA[
 <constructor-arg index="17">
-  <value>ou=Groups,ou=OrgUnit1</value>
+  <value>ou=Groups,ou=rootOrg</value>
 </constructor-arg>]]></source>
         </p>
         <p align="center">
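Review bot: The groups sentence has the same stale reference as the roles paragraph: it names "the ou=Groups,ou=OrgUnit subtree" but the value is now ou=Groups,ou=rootOrg. It also says "the property value above" although the constructor-arg index="17" sample follows the sentence; "below" would match the wording of the roles paragraph.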
@@ -1100,7 +1327,7 @@
            Using the property value above, Jetspeed will search for users in 
the ou=People,ou=OrgUnit subtree.
           <source><![CDATA[
 <constructor-arg index="18">
-  <value>ou=People,ou=OrgUnit1</value>
+  <value>ou=People,ou=rootOrg</value>
 </constructor-arg>]]></source>
         </p>
         <p align="center">
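Review bot: "the ou=People,ou=OrgUnit subtree" in the context sentence should become ou=People,ou=rootOrg to match the new value element, and "above" should be "below" because the index 18 sample comes after the sentence.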
@@ -1182,8 +1409,8 @@
           The naming attribute is the attribute that uniquely defines the 
object within its subdirectory.
         </p>
         
-        <p>In the screenshot below, you can see that the admin user in 
OrgUnit1/People is defined by <b>cn=admin</b>.</p>
-        <p><b>cn</b> is the naming attribute for the user object, as no 2 
admin users can exist in the OrgUnit1/People subdirectory</p>
+        <p>In the screenshot below, you can see that the admin user in 
rootOrg/People is defined by <b>cn=admin</b>.</p>
+        <p><b>cn</b> is the naming attribute for the user object, as no 2 
admin users can exist in the rootOrg/People subdirectory</p>
         
         <p align="center">
           <img src="images/ldap/IdAttributes.png" border="0"/><br/>
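Review bot: The rewritten paragraphs describe the screenshot as showing rootOrg/People, but images/ldap/IdAttributes.png is not among the files added or modified in this revision, so the image presumably still shows the OrgUnit1 tree. Regenerate the screenshot or note in the text that it predates the rename. The second added paragraph is also missing its closing period after "subdirectory".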

Modified: 
portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/jetspeed-apacheds.ldif
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/jetspeed-apacheds.ldif?rev=589958&r1=589957&r2=589958&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/jetspeed-apacheds.ldif 
(original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/jetspeed-apacheds.ldif 
Mon Oct 29 21:52:16 2007
@@ -1,99 +1,123 @@
-dn: o=sevenSeas
-objectClass: domain
-objectClass: extensibleObject
-objectClass: top
-o: sevenSeas
-
-dn: ou=OrgUnit2,o=sevenSeas
-objectClass: organizationalUnit
-objectClass: top
-ou: OrgUnit2
-
-dn: ou=OrgUnit3,o=sevenSeas
+dn: ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
-ou: OrgUnit3
+ou: rootOrg
 
-dn: ou=People,ou=OrgUnit2,o=sevenSeas
+dn: ou=People,ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
 ou: People
 
-dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+dn: ou=Groups,ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
 ou: Groups
 
-dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+dn: ou=Roles,ou=rootOrg,o=sevenSeas
 objectClass: organizationalUnit
 objectClass: top
 ou: Roles
 
-dn: ou=People,ou=OrgUnit3,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=accounting,ou=Groups,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-group
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: People
+cn: accounting
+j2-classname: accounting
+uid: accounting
+uniquemember: user,local,sublocal
 
-dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=engineering,ou=Groups,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-group
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Groups
+cn: engineering
+j2-classname: engineering
+uid: engineering
+uniquemember: user
 
-dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=marketing,ou=Groups,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-group
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Roles
+cn: marketing
+j2-classname: marketing
+uid: marketing
+uniquemember: user
 
-dn: ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=admin,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: OrgUnit1
+cn: admin
+j2-classname: admin
+uid: admin
+uniquemember: admin
 
-dn: ou=People,ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=manager,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: People
+cn: manager
+j2-classname: manager
+uid: manager
+uniquemember: admin,jetspeed,manager
 
-dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=user,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Groups
+cn: user
+j2-classname: user
+uid: user
+uniquemember: user,admin,manager,local
 
-dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: organizationalUnit
+dn: cn=guest,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
 objectClass: top
-ou: Roles
+cn: guest
+j2-classname: guest
+uid: guest
+uniquemember: guest
 
-dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-group
+dn: cn=subsite,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
 objectClass: groupOfUniqueNames
 objectClass: top
-cn: admin
-j2-classname: admin
-uid: admin
-uniquemember: admin
-uniquemember: joe
+cn: subsite
+j2-classname: subsite
+uid: subsite
+uniquemember: subsite
 
-dn: cn=user,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-group
+dn: cn=subsite2,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
 objectClass: groupOfUniqueNames
 objectClass: top
-cn: user
-j2-classname: user
-uid: user
-uniquemember: user
-uniquemember: joe
+cn: subsite2
+j2-classname: subsite2
+uid: subsite2
+uniquemember: subsite
 
-dn: cn=user,ou=Roles,ou=OrgUnit1,o=sevenSeas
+dn: cn=dev,ou=Roles,ou=rootOrg,o=sevenSeas
 objectClass: jetspeed-2-role
 objectClass: groupOfUniqueNames
 objectClass: top
-cn: user
-j2-classname: user
-uid: user
-uniquemember: user
+cn: dev
+j2-classname: dev
+uid: dev
+uniquemember: dev
+
+dn: cn=devmgr,ou=Roles,ou=rootOrg,o=sevenSeas
+objectClass: jetspeed-2-role
+objectClass: groupOfUniqueNames
+objectClass: top
+cn: devmgr
+j2-classname: devmgr
+uid: devmgr
+uniquemember: devmgr
 
-dn: cn=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+dn: cn=admin,ou=People,ou=rootOrg,o=sevenSeas
 objectClass: organizationalPerson
 objectClass: person
 objectClass: jetspeed-2-user
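Review bot: The new uniquemember lines pack several members into one value, for example "uniquemember: user,local,sublocal" on cn=accounting and "uniquemember: user,admin,manager,local" on the cn=user role. In LDIF that is a single value containing commas, not three or four members, and the removed entries used one uniquemember line per member (admin, then joe). Split these into one line per member, and check the lists against the People entries: the cn=dev role lists a member dev, but no cn=dev user appears among the People entries visible in this diff.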
@@ -108,41 +132,137 @@
 uid: admin
 userpassword:: c2VjcmV0
 
-dn: cn=joe,ou=People,ou=OrgUnit1,o=sevenSeas
+dn: cn=manager,ou=People,ou=rootOrg,o=sevenSeas
 objectClass: organizationalPerson
 objectClass: person
 objectClass: jetspeed-2-user
 objectClass: inetOrgPerson
 objectClass: top
-cn: joe
-j2-role: cn=admin,ou=Roles,o=sevenSeas
-sn: joe
-uid: joe
-userpassword:: am9l
+cn: manager
+givenname: Manager
+j2-role: manager
+j2-role: user
+sn: manager
+uid: manager
+userpassword:: c2VjcmV0
 
-dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-role
-objectClass: groupOfUniqueNames
+dn: cn=user,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
 objectClass: top
-cn: admin
-j2-classname: admin
-uid: admin
-uniquemember: admin
+cn: user
+givenname: User
+j2-role: user
+sn: user
+uid: user
+userpassword:: c2VjcmV0
 
-dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-group
-objectClass: groupOfUniqueNames
+dn: cn=local,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
 objectClass: top
-cn: manager
-j2-classname: manager
-uid: manager
-uniquemember: admin
+cn: local
+givenname: Local
+j2-role: user
+sn: local
+uid: local
+userpassword:: c2VjcmV0
 
-dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: jetspeed-2-role
-objectClass: groupOfUniqueNames
+dn: cn=sublocal,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
 objectClass: top
-cn: manager
-j2-classname: manager
-uid: manager
-uniquemember: admin
+cn: sublocal
+givenname: sublocal
+j2-role: user
+sn: sublocal
+uid: sublocal
+userpassword:: c2VjcmV0
+
+dn: cn=tomcat,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: tomcat
+givenname: tomcat
+sn: tomcat
+uid: tomcat
+userpassword:: c2VjcmV0
+
+dn: cn=jetspeed,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: jetspeed
+givenname: jetspeed
+j2-role: manager
+sn: jetspeed
+uid: jetspeed
+userpassword:: c2VjcmV0
+
+dn: cn=guest,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: guest
+givenname: guest
+sn: guest
+uid: guest
+userpassword:: c2VjcmV0
+
+dn: cn=subsite,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: subsite
+givenname: subsite
+j2-role: subsite
+j2-role: subsite2
+j2-role: user
+sn: subsite
+uid: subsite
+userpassword:: c2VjcmV0
+
+dn: cn=subsite2,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: subsite2
+givenname: subsite2
+j2-role: subsite
+j2-role: subsite2
+j2-role: user
+sn: subsite2
+uid: subsite2
+userpassword:: c2VjcmV0
+
+dn: cn=devmgr,ou=People,ou=rootOrg,o=sevenSeas
+objectClass: organizationalPerson
+objectClass: person
+objectClass: jetspeed-2-user
+objectClass: inetOrgPerson
+objectClass: top
+cn: devmgr
+givenname: devmgr
+j2-role: devmgr
+j2-role: dev
+j2-role: user
+sn: devmgr
+uid: devmgr
+userpassword:: c2VjcmV0
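Review bot: Every user entry added in this hunk carries "userpassword:: c2VjcmV0", which is the base64 encoding of the plain string "secret", so all sample accounts share one unhashed password (the admin entry in the context lines has the same value). Add a header comment marking the file as test seed data whose passwords must be changed before use, or store hashed values. Separately, j2-role is now a bare name ("j2-role: manager") where the removed joe entry used a DN ("cn=admin,ou=Roles,o=sevenSeas"); confirm the SPI accepts that form, and reconcile it with the roles' uniquemember lists: sublocal, subsite, subsite2 and devmgr all have "j2-role: user" but are not listed on the cn=user role.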

Added: portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/root.ldif
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/root.ldif?rev=589958&view=auto
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/root.ldif (added)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/root.ldif Mon Oct 29 
21:52:16 2007
@@ -0,0 +1,8 @@
+# try running this before jetspeed-apacheds.ldif
+# for apache ds, you will need to create a new domain, and not use this file.
+# see the Jetspeed online documentation
+dn: o=sevenSeas
+objectClass: domain
+objectClass: extensibleObject
+objectClass: top
+o: sevenSeas
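Review bot: The header comment "try running this before jetspeed-apacheds.ldif" understates the dependency. jetspeed-apacheds.ldif no longer creates o=sevenSeas in this revision, so on any server other than ApacheDS its first entry, ou=rootOrg,o=sevenSeas, has no parent unless this file is imported first. State that as a required ordering, and point to the specific documentation page rather than "the Jetspeed online documentation".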

Added: portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/server.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/server.xml?rev=589958&view=auto
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/server.xml (added)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/etc/ldif/server.xml Mon Oct 29 
21:52:16 2007
@@ -0,0 +1,313 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
+  "http://www.springframework.org/dtd/spring-beans.dtd";>
+
+<beans>
+  <bean id="environment" 
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+    <property name="properties">
+      <props>
+        <prop key="java.naming.security.authentication">simple</prop>
+        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
+        <prop key="java.naming.security.credentials">secret</prop>
+        <!--<prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>-->
+        <!--<prop key="kdc.java.naming.security.credentials">secret</prop>-->
+        <!--<prop 
key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>-->
+        <!--<prop 
key="changepw.java.naming.security.credentials">secret</prop>-->
+        <!-- Set this key to a space delimited set of attributeType 
descriptions
+             and their OID's if you want an attributeType to be handled as 
+             binary content.
+ 
+             The server will use the schema to derive the set of attributeTypes
+             to treat as binary.  The union if the values you provide here 
+             will be taken as the set of binaries. Note to be consistent you 
+             must add both the OID and all the names an attributeType can have.
+        -->
+        <!-- 
+        <prop key="java.naming.ldap.attributes.binary"></prop>
+        -->
+      </props>
+    </property>
+  </bean>
+  
+  <bean id="configuration" 
class="org.apache.directory.server.configuration.MutableServerStartupConfiguration">
+    <property name="workingDirectory" value="example.com" />
+
+    <!-- Uncomment below to have the server load entries on startup!        -->
+    <!-- ldifDirectory property can point to a relative file, directory or  -->
+    <!-- can point to an absolute path to either using the URL path         -->
+    <!-- notation: i.e. file:///Users/jack/apacheds/ldifs                   -->
+
+    <!-- Entries will optionally be filtered using LdifLoadFilters in the   -->
+    <!-- order specified.  The included Krb5KdcEntryFilter will filter      -->
+    <!-- kerberos principals creating keys for them using their             -->
+    <!-- userPassword attribute if present.                                 -->
+
+    <!--<property name="ldifDirectory">
+      <value>example.ldif</value>
+    </property>
+    <property name="ldifFilters">
+      <list>
+        <bean 
class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
+      </list>
+    </property>-->
+
+    <!-- the number of milliseconds before issuing a synch (flush to disk)  -->
+    <!-- which writes out dirty pages back to disk.  To turn off synchs all -->
+    <!-- together simply set this value to <= 0.  Make sure you turn on     -->
+    <!-- synchOnWrite for all partitions if you do choose to do this or else-->
+    <!-- writes may never persist to disk.                                  -->
+    <property name="synchPeriodMillis" value="15000" />
+
+    <!-- limits searches by non-admin users to a max time of 15000          -->
+    <!-- milliseconds and has a default value of 10000                      -->
+    <property name="maxTimeLimit" value="15000" />
+    <!-- limits searches to max size of 1000 entries: default value is 100  -->
+    <property name="maxSizeLimit" value="1000" />
+    <!-- maximum number of threads used by mina is set to 8: default is 4   -->
+    <property name="maxThreads" value="8" />
+
+    <property name="allowAnonymousAccess" value="false" />
+    <property name="accessControlEnabled" value="false" />
+    <property name="enableNtp" value="false" />
+    <property name="enableKerberos" value="false" />
+    <property name="enableChangePassword" value="false" />
+
+    <!--
+       It's more efficient to keep this feature turned off but you may not like
+       having the creatorsName and modifiersName contain OIDs instead of short
+       attributeType names instead.  So if you want the creatorsName to change
+       from the normalized form which is the internal representation of 
+           
+            '0.9.2342.19200300.100.1.1=admin,2.5.4.11=system'
+       
+       to a more human readabile form like:
+
+            'uid=admin,ou=system'
+
+       then set this property to true.
+    -->
+    <property name="denormalizeOpAttrsEnabled" value="false" />
+
+    <property name="ldapPort" value="10389" />
+
+    <property name="systemPartitionConfiguration" 
ref="systemPartitionConfiguration" />
+
+    <property name="contextPartitionConfigurations">
+      <set>
+        <ref bean="sevenSeasPartitionConfiguration"/>
+      </set>
+    </property>
+    <property name="bootstrapSchemas">
+      <set>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.AutofsSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.CoreSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.CosineSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.ApacheSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.CollectiveSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.JavaSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.NisSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.SystemSchema"/>
+        <bean 
class="org.apache.directory.server.core.schema.bootstrap.ApachednsSchema"/>
+               <bean 
class="org.apache.jetspeed.security.ldap.JetspeedSchema"/>                
+      </set>
+    </property>
+    
+    <property name="extendedOperationHandlers">
+      <list>
+        <bean 
class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
+        <bean 
class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
+      </list>
+    </property>
+
+    <property name="interceptorConfigurations">
+      <list>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="normalizationService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.normalization.NormalizationService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="authenticationService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.authn.AuthenticationService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="referralService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.referral.ReferralService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="authorizationService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.authz.AuthorizationService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="defaultAuthorizationService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.authz.DefaultAuthorizationService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="exceptionService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.exception.ExceptionService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="schemaService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.schema.SchemaService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="subentryService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.subtree.SubentryService" />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="operationalAttributeService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.operational.OperationalAttributeService"
 />
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="collectiveAttributeService" />
+          <property name="interceptor">
+            <bean 
class="org.apache.directory.server.core.collective.CollectiveAttributeService" 
/>
+          </property>
+        </bean>
+        <bean 
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name" value="eventService" />
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.event.EventService" 
/>
+          </property>
+        </bean>
+      </list>
+    </property>
+  </bean>
+  
+  <!-- use the following partitionConfiguration to override defaults for  -->
+  <!-- the system partition                                               --> 
+  <bean id="systemPartitionConfiguration" 
class="org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration">
+    <property name="name" value="system" />
+    <property name="cacheSize" value="100" />
+    <property name="suffix" value="ou=system" />
+
+    <!-- the optimizer is enabled by default but may not always be what     -->
+    <!-- you want if your queries are really simple                         -->
+    <property name="optimizerEnabled" value="true" />
+
+    <!--
+      Synchronization on writes does not wait for synch operations
+      to flush dirty pages.  Writes persist immediately to disk at 
+      a cost to performance with increased data integrity.  Otherwise
+      the periodic synch operation will flush dirty pages using the
+      synchPeriodMillis parameter in the main configuration.
+    -->
+    <property name="synchOnWrite" value="true" />
+    <property name="indexedAttributes">
+      <set>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="ou" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="uid" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="objectClass" />
+          <property name="cacheSize" value="100" />
+        </bean>
+      </set>
+    </property>
+    <property name="contextEntry">
+      <value>
+        objectClass: top
+        objectClass: organizationalUnit
+        objectClass: extensibleObject
+        ou: system
+      </value>
+    </property>
+  </bean>
+
+<!--
+  <bean id="examplePartitionConfiguration" 
class="org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration">
 -->
+<bean id="sevenSeasPartitionConfiguration" 
class="org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration">
    
+<!--    <property name="name" value="example" />
+    <property name="cacheSize" value="100"/>
+    <property name="suffix" value="dc=example,dc=com" />-->
+
+    <!-- the optimizer is enabled by default but may not always be what     -->
+    <!-- you want if your queries are really simple                         -->
+    <!--<property name="optimizerEnabled" value="true" />-->
+       
+       <property name="name" value="The seven seas" />
+       <property name="cacheSize" value="100" />
+       <property name="suffix" value="o=sevenSeas" />
+       <property name="optimizerEnabled" value="true" />
+       <property name="synchOnWrite" value="true" />
+
+
+    <!--
+      Synchronization on writes does not wait for synch operations
+      to flush dirty pages.  Writes persist immediately to disk at 
+      a cost to performance with increased data integrity.  Otherwise
+      the periodic synch operation will flush dirty pages using the
+      synchPeriodMillis parameter in the main configuration.
+    -->
+    
+    <property name="indexedAttributes">
+      <set>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="dc" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="ou" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="krb5PrincipalName" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="uid" />
+          <property name="cacheSize" value="100" />
+        </bean>
+        <bean 
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
+          <property name="attributeId" value="objectClass" />
+          <property name="cacheSize" value="100" />
+        </bean>
+      </set>
+    </property>
+    <property name="contextEntry">
+      <value>
+        objectClass: top
+        objectClass: domain
+        objectClass: extensibleObject
+               o: sevenSeas
+      </value>
+    </property>
+  </bean>
+  <!--        dc: example -->
+
+  <bean 
class="org.springframework.beans.factory.config.CustomEditorConfigurer">
+    <property name="customEditors">
+      <map>
+        <entry key="javax.naming.directory.Attributes">
+          <bean 
class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
+        </entry>
+      </map>
+   </property>
+  </bean>
+</beans>
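Review bot: This sample ships with java.naming.security.principal set to uid=admin,ou=system, java.naming.security.credentials set to secret, and accessControlEnabled set to false, with no comment saying these are development-only values. Add a comment at the environment bean telling deployers to change the admin password and to enable access control before exposing port 10389. Smaller points: workingDirectory is still example.com, the sevenSeas partition indexes dc and krb5PrincipalName although its suffix is o=sevenSeas and enableKerberos is false, and the "Synchronization on writes" comment in that partition now sits after the synchOnWrite property it describes.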


