RE: Provisioning users from outside Jetspeed 2, security services

[Scott T Weaver]

> To unsubscribe, e-mail: [EMAIL PROTECTED]

> -----Original Message-----
> From: Jennifer Ruffing [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 29, 2005 1:40 PM
> To: jetspeed-user@portals.apache.org
> Subject: RE: Provisioning users from outside Jetspeed 2, security services
> 
> Please take me off your mailing list.
> 
> <br><br><br>&gt;From: &quot;Paul ANDERSON&quot;
> &lt;[EMAIL PROTECTED]&gt;<br>&gt;Reply-To: &quot;Jetspeed
> Users List&quot; &lt;jetspeed-user@portals.apache.org&gt;<br>&gt;To:
> &quot;Jetspeed Users List&quot;
> &lt;jetspeed-user@portals.apache.org&gt;<br>&gt;Subject: RE: Provisioning
> users from outside Jetspeed 2, security services<br>&gt;Date: Wed, 29 Jun
> 2005 17:28:03 +0100<br>&gt;<br>&gt;My question was:<br>&gt;Assuming a
> custom
> LDAP implementation that works as Florian describes, or the standard
> Jetspeed one that uses its own schema and can't be mapped to an existing
> one:<br>&gt;Can you add/remove users to LDAP via other applications? Or do
> you hit problems with admin portlet markup caching, store caching,
> variable
> caching, etc? I.e. does Jetspeed assume all persistent updates have to be
> applied through its own toolset?<br>&gt;<br>&gt;And does everything
> including preferences have to be either in LDAP or an RDBMS? Or can you
> mix
> them - LDAP for authn, authz roles and SQL for low-level ACLs and
> portlet-related data?<br>&gt;<br>&gt;Paul<br>&gt;<br>&gt;-----Message
> d'origine-----<br>&gt;De : Randy Watler
> [mailto:[EMAIL PROTECTED]<br>&gt;Envoyé : 29 June 2005 17:16<br>&gt;À
> :
> Jetspeed Users List<br>&gt;Objet : Re: AW: Provisioning users from outside
> Jetspeed 2, security
> services<br>&gt;<br>&gt;Florian,<br>&gt;<br>&gt;Please
> review the archives for this and the dev list.<br>&gt;<br>&gt;There are
> two
> techniques:<br>&gt;<br>&gt;- implement UserManager and/or other security
> SPI
> components for J2, or<br>&gt;- implement a custom
> SecurityValve.<br>&gt;<br>&gt;You will find both techniques discussed in
> the
> archives.<br>&gt;<br>&gt;Randy<br>&gt;<br>&gt;Florian Theurich
> wrote:<br>&gt;<br>&gt; &gt;Hi,<br>&gt; &gt;<br>&gt; &gt;I suppose I have a
> similar issued to solve like Paul...<br>&gt; &gt;<br>&gt; &gt;Using
> Jetspeed2 our users log in the windows domain and are
> automatically<br>&gt;
> &gt;authenticated against our portal as they are users in the corporate
> Active<br>&gt; &gt;Directory. An Active Directory group further tells us
> which business unit he<br>&gt; &gt;works for and which role he obtains
> (editor, editor in charge, contact admin<br>&gt; &gt;etc.)...<br>&gt;
> &gt;<br>&gt; &gt;But where can we tell Jetspeed to actually grab or
> 'inject'
> the role (as<br>&gt; &gt;Jetspeed seems to dot it when your users and
> their
> roles are stored in the<br>&gt; &gt;DB) so that Jetspeed can use it for
> applying profiling rules and eventually<br>&gt; &gt;come up with the pages
> that are to display for a particular user? So in a<br>&gt; &gt;nutshell
> how
> can we tell J2 to make use of the role and group that we<br>&gt;
> &gt;receive
> from the Active Directory...?<br>&gt; &gt;<br>&gt; &gt;I hope I made
> myself
> clear...<br>&gt; &gt;Any suggestions are highly appreciated<br>&gt;
> &gt;Cheers<br>&gt; &gt;<br>&gt; &gt;Florian<br>&gt; &gt;<br>&gt;
> &gt;<br>&gt; &gt;<br>&gt; &gt;-----Ursprüngliche Nachricht-----<br>&gt;
> &gt;Von: Paul ANDERSON [mailto:[EMAIL PROTECTED]<br>&gt;
> &gt;Gesendet: Dienstag, 28. Juni 2005 18:44<br>&gt; &gt;An: Jetspeed Users
> List<br>&gt; &gt;Betreff: Provisioning users from outside Jetspeed 2,
> security services<br>&gt; &gt;<br>&gt; &gt;Can I create/remove users
> directly in the RDBMS/LDAP backend for<br>&gt; &gt;Jetspeed 2, or does it
> assume that changes will go through the admin<br>&gt; &gt;portlets and
> engine?<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;Can user
> profile
> fields be changed outside, or are they cached either as<br>&gt; &gt;fields
> or markup in the admin portlets?<br>&gt; &gt;<br>&gt; &gt;<br>&gt;
> &gt;<br>&gt; &gt;Can I store authentication info, role info, ACL info,
> preferences and<br>&gt; &gt;working data all in different backends
> depending
> on the security<br>&gt; &gt;services implementation, or is there some
> reason
> why they have to be in<br>&gt; &gt;the same store?<br>&gt; &gt;<br>&gt;
> &gt;<br>&gt; &gt;<br>&gt; &gt;Has anyone successfully tried a setup where
> Jetspeed just provides<br>&gt; &gt;services for existing users who are
> administered somewhere else?<br>&gt; &gt;<br>&gt; &gt;<br>&gt;
> &gt;<br>&gt;
> &gt;Thanks,<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt;
> &gt;Paul.<br>&gt;
> &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt;
> &gt;<br>&gt;
> &gt;---------------------------------------------------------------------
> <br>&gt;
> &gt;To unsubscribe, e-mail:
> [EMAIL PROTECTED]<br>&gt; &gt;For additional
> commands, e-mail: [EMAIL PROTECTED]<br>&gt;
> &gt;<br>&gt;
> &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt;
> &gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt;--------------------------------------
> -------------------------------<br>&gt;To
> unsubscribe, e-mail: jetspeed-user-
> [EMAIL PROTECTED]<br>&gt;For
> additional commands, e-mail:
> [EMAIL PROTECTED]<br>&gt;<br>&gt;<br>&gt;-------------
> --------------------------------------------------------<br>&gt;To
> unsubscribe, e-mail: jetspeed-user-
> [EMAIL PROTECTED]<br>&gt;For
> additional commands, e-mail:
> [EMAIL PROTECTED]<br>&gt;<br>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]