New LDAP UserPasswordCredentialManager providing LDAP authentication,
maintenance of LDAP credentials and UserPasswordCredentialPolicyManager support
-----------------------------------------------------------------------------------------------------------------------------------------------------
Key: JS2-1143
URL: https://issues.apache.org/jira/browse/JS2-1143
Project: Jetspeed 2
Issue Type: New Feature
Components: LDAP, Security
Affects Versions: 2.2.0
Reporter: Ate Douma
Assignee: Ate Douma
Fix For: 2.2.1
The new LdapUserPasswordCredentialManager can be used as a replacement for the
standard (db only) UserPasswordCredentialManager and automatically handles LDAP
based authentication.
When using this LdapUserPasswordCredentialManager, the
LdapAuthenticationProvider does not need to be configured (it still remains
useful with read-only LDAP configurations).
Also, the PasswordCredentials maintenance is handled as a wrapped/layered
solution on top of the standard database, supporting creation/updating of LDAP
passwords while simultaneously tracking them in the database.
For the LDAP password encoding a new LdapCredentialPasswordEncoder is provided
which supports (Unix) CRYPT, SHA, SSHA, MD5 and SMD5 hashing.
This LDAP password encoder can also be used for the database persistent
storage, or an alternative encoder can be configured.
As the LdapUserPasswordCredentialManager fully supports the
UserPasswordCredentialPolicyManager (with regards to the *database*
representation of the PasswordCredential), all features like credential
pre/post processing, (custom) password validation interceptors, etc. can be
leveraged for LDAP too.
Also, changing a password can be configured to be executed through the
administrative LDAP account (default) or only by the current user themselves.
The latter is useful for LDAP environments which enforce this as a requirement.
Note: this implementation does *not* support Active Directory, which requires
special (additional) handling, but the needed "hooks" are already provided to
support extending this implementation for that purpose.