RE: Provisioning users from outside Jetspeed 2, security services

[Jennifer Ruffing]

Please take me off your mailing list.

<br><br><br>&gt;From: &quot;Paul ANDERSON&quot; 
&lt;[EMAIL PROTECTED]&gt;<br>&gt;Reply-To: &quot;Jetspeed 
Users List&quot; &lt;jetspeed-user@portals.apache.org&gt;<br>&gt;To: 
&quot;Jetspeed Users List&quot; 
&lt;jetspeed-user@portals.apache.org&gt;<br>&gt;Subject: RE: Provisioning 
users from outside Jetspeed 2, security services<br>&gt;Date: Wed, 29 Jun 
2005 17:28:03 +0100<br>&gt;<br>&gt;My question was:<br>&gt;Assuming a custom 
LDAP implementation that works as Florian describes, or the standard 
Jetspeed one that uses its own schema and can't be mapped to an existing 
one:<br>&gt;Can you add/remove users to LDAP via other applications? Or do 
you hit problems with admin portlet markup caching, store caching, variable 
caching, etc? I.e. does Jetspeed assume all persistent updates have to be 
applied through its own toolset?<br>&gt;<br>&gt;And does everything 
including preferences have to be either in LDAP or an RDBMS? Or can you mix 
them - LDAP for authn, authz roles and SQL for low-level ACLs and 
portlet-related data?<br>&gt;<br>&gt;Paul<br>&gt;<br>&gt;-----Message 
d'origine-----<br>&gt;De : Randy Watler 
[mailto:[EMAIL PROTECTED]<br>&gt;Envoyé : 29 June 2005 17:16<br>&gt;À : 
Jetspeed Users List<br>&gt;Objet : Re: AW: Provisioning users from outside 
Jetspeed 2, security services<br>&gt;<br>&gt;Florian,<br>&gt;<br>&gt;Please 
review the archives for this and the dev list.<br>&gt;<br>&gt;There are two 
techniques:<br>&gt;<br>&gt;- implement UserManager and/or other security SPI 
components for J2, or<br>&gt;- implement a custom 
SecurityValve.<br>&gt;<br>&gt;You will find both techniques discussed in the 
archives.<br>&gt;<br>&gt;Randy<br>&gt;<br>&gt;Florian Theurich 
wrote:<br>&gt;<br>&gt; &gt;Hi,<br>&gt; &gt;<br>&gt; &gt;I suppose I have a 
similar issued to solve like Paul...<br>&gt; &gt;<br>&gt; &gt;Using 
Jetspeed2 our users log in the windows domain and are automatically<br>&gt; 
&gt;authenticated against our portal as they are users in the corporate 
Active<br>&gt; &gt;Directory. An Active Directory group further tells us 
which business unit he<br>&gt; &gt;works for and which role he obtains 
(editor, editor in charge, contact admin<br>&gt; &gt;etc.)...<br>&gt; 
&gt;<br>&gt; &gt;But where can we tell Jetspeed to actually grab or 'inject' 
the role (as<br>&gt; &gt;Jetspeed seems to dot it when your users and their 
roles are stored in the<br>&gt; &gt;DB) so that Jetspeed can use it for 
applying profiling rules and eventually<br>&gt; &gt;come up with the pages 
that are to display for a particular user? So in a<br>&gt; &gt;nutshell how 
can we tell J2 to make use of the role and group that we<br>&gt; &gt;receive 
from the Active Directory...?<br>&gt; &gt;<br>&gt; &gt;I hope I made myself 
clear...<br>&gt; &gt;Any suggestions are highly appreciated<br>&gt; 
&gt;Cheers<br>&gt; &gt;<br>&gt; &gt;Florian<br>&gt; &gt;<br>&gt; 
&gt;<br>&gt; &gt;<br>&gt; &gt;-----Ursprüngliche Nachricht-----<br>&gt; 
&gt;Von: Paul ANDERSON [mailto:[EMAIL PROTECTED]<br>&gt; 
&gt;Gesendet: Dienstag, 28. Juni 2005 18:44<br>&gt; &gt;An: Jetspeed Users 
List<br>&gt; &gt;Betreff: Provisioning users from outside Jetspeed 2, 
security services<br>&gt; &gt;<br>&gt; &gt;Can I create/remove users 
directly in the RDBMS/LDAP backend for<br>&gt; &gt;Jetspeed 2, or does it 
assume that changes will go through the admin<br>&gt; &gt;portlets and 
engine?<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;Can user profile 
fields be changed outside, or are they cached either as<br>&gt; &gt;fields 
or markup in the admin portlets?<br>&gt; &gt;<br>&gt; &gt;<br>&gt; 
&gt;<br>&gt; &gt;Can I store authentication info, role info, ACL info, 
preferences and<br>&gt; &gt;working data all in different backends depending 
on the security<br>&gt; &gt;services implementation, or is there some reason 
why they have to be in<br>&gt; &gt;the same store?<br>&gt; &gt;<br>&gt; 
&gt;<br>&gt; &gt;<br>&gt; &gt;Has anyone successfully tried a setup where 
Jetspeed just provides<br>&gt; &gt;services for existing users who are 
administered somewhere else?<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; 
&gt;Thanks,<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;Paul.<br>&gt; 
&gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; 
&gt;<br>&gt; 
&gt;---------------------------------------------------------------------<br>&gt; 
&gt;To unsubscribe, e-mail: 
[EMAIL PROTECTED]<br>&gt; &gt;For additional 
commands, e-mail: [EMAIL PROTECTED]<br>&gt; &gt;<br>&gt; 
&gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; 
&gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt;---------------------------------------------------------------------<br>&gt;To 
unsubscribe, e-mail: [EMAIL PROTECTED]<br>&gt;For 
additional commands, e-mail: 
[EMAIL PROTECTED]<br>&gt;<br>&gt;<br>&gt;---------------------------------------------------------------------<br>&gt;To 
unsubscribe, e-mail: [EMAIL PROTECTED]<br>&gt;For 
additional commands, e-mail: 
[EMAIL PROTECTED]<br>&gt;<br>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]