It is likely that your existing users in Domino have passwords
hashed/encoded differently than the algorithm employed by the J2
components. If you had created the passwords using Jetspeed, then you
would be OK, but I bet they existed already.

In the security-spi-atn LDAP assembly file, you can swap the
configured implementation of
org.apache.jetspeed.security.spi.CredentialPasswordEncoder with your
own custom one so that you can encode/hash passwords in the format you
need.

HTH,
aaron

On 7/27/06, Vitaly Baranovsky <[EMAIL PROTECTED]> wrote:
Good day!

I've configured jetspeed-2 to use Domino ldap directory for authentication.
When I try to log in, jetspeed tells me "invalid password". But when I
configure jetspeed-2 to use Apache Directory Server for authentication,
jetspeed-2 logs in with no problem.

My security-spi-ldap.xml for domino authentication:
<beans>
  <!-- ************** Ldap Configuration ************** -->
  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"
      class="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig">
      <!-- The LDAP initial context factory. -->
      <constructor-arg index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
      <!-- The LDAP server name. -->
      <constructor-arg index="1"><value>ldapsrv.office.mycompany.net</value></constructor-arg>
      <!-- The LDAP server port. -->
      <constructor-arg index="2"><value>389</value></constructor-arg>
      <!-- The LDAP server default dn suffix. -->
      <constructor-arg index="3"><value></value></constructor-arg>
      <!-- The LDAP server root context. -->
      <constructor-arg index="4"><value>O=MyCompany</value></constructor-arg>
      <!-- The LDAP server root dn. -->
      <constructor-arg index="5"><value>CN=wpsdev,OU=MyCompanyUsers,O=MyCompany</value></constructor-arg>
      <!-- The LDAP server root password. -->
      <constructor-arg index="6"><value>wpsdev</value></constructor-arg>
      <!-- The users org unit. -->
      <constructor-arg index="7"><value>MyCompanyUsers</value></constructor-arg>
      <!-- The groups org unit. -->
      <constructor-arg index="8"><value>groups</value></constructor-arg>
      <!-- The roles org unit. -->
      <constructor-arg index="9"><value>roles</value></constructor-arg>
   </bean>
</beans>

I have an entry CN=wpsdevtest,OU=MyCompanyUsers,O=MyCompany with password
wpsdevtest in the Domino Directory, and I can run ldapsearch correctly using
this entry as the bind DN. This user has the jetspeed-2-user object-class.

When I try to enter login wpsdevtest and password wpsdevtest in the jetspeed-2
login portlet, it tells me: "invalid password". But when I enter a login that
doesn't exist in the Domino directory, jetspeed-2 tells me: "invalid user". So
it looks like the LDAP binding was OK.

When I do same things using Apache Directory server, jetspeed-2 logs in
correctly.

So, how can I do Domino ldap authentication using jetspeed-2? Please, help
me!

Thanks!

P.S.: Sorry for my bad English.

P.P.S.: I found the following message at
http://issues.apache.org/jira/browse/JS2-491?page=comments:
> The major problem that users will be facing today is that encrypted
> passwords are not supported in the jetspeed2.0 release. Given that this
> functionality has been committed to the codebase, how do you feel
> towards providing a downloadable JAR file to users that would act as a
> replacement for their current jetspeed-security-2.0.jar - doesn't have
> to be anything official, could be included as a link in the
> documentation)
> The user would have to
>          * replace his jetspeed-security-2.0.jar
>          * restart tomcat
> The user would have support for encrypted passwords and group/role
> membership via LDAP.

So, is my problem that jetspeed-2 cannot support encrypted passwords? And does
anyone have jetspeed-security-2.x.jar? Please give it to me, if so.
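
Added example (not part of the original thread and not Jetspeed or Domino code): a sketch of why an encode-then-compare login can report "invalid password" for a user that was found, as the reply at the top suggests. It assumes the portal encoder is unsalted base64 SHA-1 and uses an RFC 2307-style {SSHA} value as a stand-in for the directory's stored format; the thread states neither, and all function names and sample values are constructed.

```python
import base64
import hashlib
import hmac

def portal_encode(password: str) -> str:
    """Assumed portal-side encoder: unsalted SHA-1, base64 (deterministic)."""
    return base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def make_ssha(password: str, salt: bytes) -> str:
    """Build an RFC 2307-style {SSHA} value, standing in for the directory's format."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def encode_and_compare(stored: str, typed: str) -> bool:
    """Encode-then-compare login: re-encode the typed password and test equality."""
    return hmac.compare_digest(portal_encode(typed).encode(), stored.encode())

def verify(stored: str, typed: str) -> bool:
    """Scheme-aware check: parse the stored value and recompute with its own salt."""
    pw = typed.encode()
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(hashlib.sha1(pw).digest(),
                                   base64.b64decode(stored[5:]))
    # No scheme prefix: treat as the portal's own bare base64 SHA-1 format.
    return encode_and_compare(stored, typed)

# Constructed sample entries (not real directory data).
SALT = bytes.fromhex("0011223344556677")
DIRECTORY_ENTRY = make_ssha("wpsdevtest", SALT)  # pre-existing directory user
PORTAL_ENTRY = portal_encode("wpsdevtest")       # user created through the portal

if __name__ == "__main__":
    for name, stored in (("directory", DIRECTORY_ENTRY), ("portal", PORTAL_ENTRY)):
        print(name,
              "encode_and_compare:", encode_and_compare(stored, "wpsdevtest"),
              "verify:", verify(stored, "wpsdevtest"))
```

A replacement encoder that only sees the user name and clear-text password can reproduce a stored value only when the stored scheme is deterministic; a salted scheme needs the stored value itself, as verify() uses here.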
