Hi,

We're using LDAP integration with Jetspeed 2.2.0 for our portal. It took me a while to figure out what is needed to configure LDAP in Jetspeed 2.2.0, so I will try to help you out. However, there are some issues in LDAP integration with Jetspeed 2.2.0 that you should be aware of before you continue any further.

* When you create users from the portal (through the j2-admin user management portlet or any other management portlet you may implement), the user is created in LDAP but password synchronization does not exist. I mean the password you specified for the user is ONLY saved in the database, not in LDAP. There is no synchronization functionality for user passwords. It means that when a user tries to log in to the portal, his password is checked against the LDAP user entry. When he tries to change his password, the current password is checked against the database user entry, not LDAP. The changed password is ONLY saved in the database user entry. (https://issues.apache.org/jira/browse/JS2-1037)

* There is a bug with the "ldap.user.searchBase" configuration property. When you specify this property, you will no longer be able to log in to the portal. (https://issues.apache.org/jira/browse/JS2-1030)

Considering that you're ok with these issues and still want to use LDAP, here is what you need to do.

- Create an override.properties file in your portal's <portal directory>/WEB-INF/conf directory (C:\Program Files\Apache Software Foundation\Tomcat_6.0.18\webapps\LbsPortal\WEB-INF\conf for instance).
The content of this file should be as follows:

******************** override.properties file content ********************
#-------------------------------------------------------------------------
# LDAP
#-------------------------------------------------------------------------
ldap.url=ldap://172.16.12.53:10389
ldap.base=o=lbs
ldap.userDn=uid=admin,ou=system
ldap.password=secret
ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.user.filter=(objectclass=person)
ldap.search.scope=2
ldap.user.searchBase=
ldap.user.entryPrefix=cn
ldap.role.searchBase=ou=Roles
ldap.group.searchBase=ou=Groups

#Turn on LDAP Security
spring.filter.key=portal.ldap
**************************************************************************

This file content tells Jetspeed to use LDAP security (the spring.filter.key=portal.ldap line) and which LDAP configuration will be used.

ldap.url is the URL of your LDAP server.
ldap.base is your base entry in LDAP.
ldap.userDn and ldap.password are the connection settings that are going to be used when connecting to your LDAP server. This user should have enough privileges to manage your LDAP schema.
ldap.user.filter is the filtering statement that will be used when searching for users in LDAP. Specify your class for user entries (e.g. inetorgperson, person, etc).
ldap.search.scope is the scope that will be used in searching entries in LDAP.
ldap.user.searchBase should be left empty until the mentioned bug is fixed.
ldap.user.entryPrefix is the identification prefix that is used in LDAP user entries; it can be uid, cn, or something else according to your LDAP schema.
ldap.role.searchBase is the LDAP entry that holds your role definitions.
ldap.group.searchBase is the LDAP entry that holds your group definitions.

An example screenshot is attached to this mail that shows the LDAP that we use with the example configuration.

- Find the security-ldap.xml file from your portal.
It should be located in the WEB-INF/assembly directory of your portal (C:\Program Files\Apache Software Foundation\Tomcat_6.0.18\webapps\LbsPortal\WEB-INF\assembly for instance). Open and update its content according to your LDAP schema. You should update the UserDaoConfiguration, RoleDaoConfiguration, GroupDaoConfiguration, UserRoleRelationDAO, UserGroupRelationDAO, RoleGroupRelationDAO beans according to your LDAP schema. You can understand the parts that you should update (I hope :))

Restart your application server. You should be in the state that I was in when I posted the http://www.nabble.com/How-to-configure-LDAP-in-JetSpeed-2.2.0-td23865878.html question. If you change the categories of the mentioned beans in that post, you should be ready to go with your LDAP.

Good luck :)

Aysegul AYDIN.

----- Original Message ----
From: Jansky Jiri <jiri.jan...@pageup.cz>
To: jetspeed-user@portals.apache.org
Sent: Tuesday, August 11, 2009 4:30:22 PM
Subject: jetspeed 2.2.0 and LDAP

Hi,

we would like to use jetspeed to get user information from an LDAP database. I used this (http://portals.apache.org/jetspeed-2/deployguide/ldap.html) guide to set up OpenLDAP (with some modification of the ldif file) and it seems to run fine with jetspeed-2.1.3. But we want to use jetspeed-2.2.0 (Java Portlet 2.0 standard). So I downloaded and installed jetspeed-installer-demo-2.2.0.jar. Because of some changes in the configuration files, the old method does not work. So I googled for a solution, and got this (http://www.techartifact.com/blogs/2009/06/ldap-configuration-in-jetspeed-2-2-0.html) and this (http://www.nabble.com/How-to-configure-LDAP-in-JetSpeed-2.2.0-td23865878.html). But neither of them helps. After configuration and restarting the portal I can still log in with the old password, and a new user created with the web interface isn't in LDAP.

So, can anybody help me with how to configure it, or how to resolve this problem?

Thanks.

Best regards,
Jiri Jansky
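
Added example, not part of either message and not Jetspeed code: a small lint for override.properties that checks the points the reply above describes (spring.filter.key=portal.ldap, an empty ldap.user.searchBase because of JS2-1030, all connection keys present) and also flags the clear-text bind secret. The function names and the "ou=Users" value in BROKEN are constructed for illustration.

```python
# Added example, not Jetspeed code: lint override.properties for the pitfalls above.
REQUIRED = ("ldap.url ldap.base ldap.userDn ldap.password ldap.context.factory "
            "ldap.user.filter ldap.search.scope ldap.user.entryPrefix "
            "ldap.role.searchBase ldap.group.searchBase").split()

def parse_properties(text):
    """Parse plain key=value lines; lines starting with # or ! are comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return (severity, key, message) tuples for one parsed file."""
    out = [("error", k, "missing or empty") for k in REQUIRED if not props.get(k)]
    if props.get("spring.filter.key") != "portal.ldap":
        out.append(("error", "spring.filter.key", "must be portal.ldap to turn on LDAP security"))
    if props.get("ldap.user.searchBase"):
        out.append(("error", "ldap.user.searchBase", "must stay empty, login breaks (JS2-1030)"))
    if props.get("ldap.url", "").lower().startswith("ldap://"):
        out.append(("warn", "ldap.url", "plain ldap:// does not encrypt the bind password in transit"))
    if props.get("ldap.password"):
        out.append(("warn", "ldap.password", "clear-text secret: restrict read access to this file"))
    return out

# The configuration posted in the reply above.
SAMPLE = """\
ldap.url=ldap://172.16.12.53:10389
ldap.base=o=lbs
ldap.userDn=uid=admin,ou=system
ldap.password=secret
ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.user.filter=(objectclass=person)
ldap.search.scope=2
ldap.user.searchBase=
ldap.user.entryPrefix=cn
ldap.role.searchBase=ou=Roles
ldap.group.searchBase=ou=Groups
#Turn on LDAP Security
spring.filter.key=portal.ldap
"""
# Constructed variant: search base set and the LDAP filter key removed.
BROKEN = (SAMPLE.replace("ldap.user.searchBase=", "ldap.user.searchBase=ou=Users")
                .replace("spring.filter.key=portal.ldap", ""))

if __name__ == "__main__":
    print(*lint(parse_properties(BROKEN)), sep="\n")
```

The posted configuration passes with two warnings only; the constructed variant reports both errors the reply warns about.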