Hello
I'm still trying to make LDAP work, and now it works more or less. I'm posting this message to publish a working example on the web, and because I have some questions.

1/ Basic configuration: Jetspeed connects to LDAP, and I have some users with which I can log in.

With:
_ ApacheDS 1.5.5 (NOT 1.5.7)
_ loading the Jetspeed schema (but it doesn't seem absolutely necessary) (see previous post)
_ loading an appropriate users example file (consistent with the default Jetspeed 2.2.1 configuration). There are some examples in the test code, in LDIF form (setup2):

  ./jetspeed-2-2.2.1/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup2/resources/setup2.ldif
  ./jetspeed-2-2.2.1/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/resources/setup1.ldif

  I've imported setup2 into my LDAP.
_ a property file matching my LDAP structure. This is the content of ./webapps/jetspeed/WEB-INF/conf/override.properties in my Jetspeed demo configuration. It's consistent with the LDAP content:

  #-------------------------------------------------------------------------
  # LDAP
  #-------------------------------------------------------------------------
  ldap.url=ldap://localhost:10389
  ldap.base=o=sevenSeas
  ldap.userDn=uid=admin,ou=system
  ldap.password=secret
  ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
  ldap.user.filter=(objectclass=person)
  ldap.search.scope=2
  ldap.user.searchBase=o=Jetspeed
  ldap.user.entryPrefix=uid
  ldap.role.searchBase=ou=Roles,o=Jetspeed
  ldap.role.filter = (objectClass=groupOfUniqueNames)
  ldap.group.searchBase=ou=Groups,o=Jetspeed
  ldap.group.filter = (objectClass=groupOfUniqueNames)
  ldap.context.pool.maxActive = 20
  ldap.context.pool.maxIdle = 20
  #Turn on LDAP Security
  spring.filter.key = portal.ldap

2/ Setting a role manually for a user

After this step I can connect, BUT no user has the admin role. I've searched in the XML and source code.

Seemingly, the relationships used to search (user<->role, user<->group, etc.) are defined in the Jetspeed-2.2.1/webapps/jetspeed/WEB-INF/assembly/security-ldap.xml file. In the XML file, we can see that "user isMemberOf role" defines the relationship (in the LDIF example it's something else, uniqueMember). When you look at AttributeBasedRelationDAO.java, there is a very interesting comment. If I got the point, the bean is very generic, and permits defining a relation isMemberOf (user isMemberOf role) or, in the other direction, member (role member user).

Since I could not create a relation "david isMemberOf admin" (not in the LDAP schema), I've created the relation in the "role member user" direction. So I've added an attribute to the cn=admin LDAP object, which was:

  attribute name: member
  attribute value: cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas

And it worked: David magically became administrator.

Alternatively, I could have changed the XML file to make it match my LDAP content (using uniqueMember rather than member), but I didn't want to change this part of the Jetspeed configuration.

  <bean id="UserRoleRelationDAO" class="org.apache.jetspeed.security.mapping.ldap.dao.impl.AttributeBasedRelationDAO">
    <meta key="j2:cat" value="ldapSecurity"/>
    <property name="relationAttribute" value="member"/>
    <property name="attributeContainsInternalId" value="true"/>
    <property name="useFromEntityAttribute" value="false"/>
    <property name="relationType">
      <bean class="org.apache.jetspeed.security.mapping.impl.SecurityEntityRelationTypeImpl">
        <constructor-arg index="0" value="isMemberOf"/>
        <constructor-arg index="1" value="user"/>
        <constructor-arg index="2" value="role"/>
      </bean>
    </property>
  </bean>

3/ Adding a user

When I create a user through the register portlet, the user is created in LDAP, but I get an exception:

  Welcome. Please fill out the following form to become a registered user.
  [Failed to add user.org.apache.jetspeed.administration.RegistrationException: org.apache.jetspeed.security.SecurityException: The role user does not exist.]

In LDAP, the user is created in o=Jetspeed,o=sevenSeas. It's probably constructed from these properties:

  ldap.base=o=sevenSeas
  ldap.user.searchBase=o=Jetspeed

Right?

4/ Jetspeed default schema

What is the utility of the Jetspeed LDAP schema (j2-role and all that stuff)? Is it necessary? If yes, I suppose that the configuration has to be changed. Does a configuration with that schema exist somewhere?

Any answer or clarification would be useful. I hope this post will help other people trying to LDAPize Jetspeed.

Regards,
Jérôme

Exhibition: Enluminures en terre d'Islam entre abstraction et figuration - until 25 September 2011 - BnF - Richelieu / Galerie Mansart
Before printing, think about the environment.

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
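The mapping the post walks through (search bases composed from ldap.base, the role filter under ou=Roles, the two directions AttributeBasedRelationDAO can resolve, and the "role does not exist" failure at registration), as an added Python model. This is not Jetspeed's code and not the poster's: the LDIF is constructed to match the post's description rather than the real setup2.ldif, the composition rule for search bases is inferred from what the poster observed, and the meaning given to relationAttribute / useFromEntityAttribute is my reading of the bean properties shown above, not Jetspeed's source.

```python
"""Added model of the LDAP role resolution discussed in the post (not Jetspeed code)."""
import re
from collections import defaultdict

# Constructed LDIF modelled on the post: David has `member` on cn=admin (what the
# poster added by hand); Alice is only listed via the schema-native uniqueMember.
SAMPLE_LDIF = """\
dn: cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
objectClass: person
cn: David
uid: david

dn: cn=Alice,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
objectClass: person
cn: Alice
uid: alice

dn: cn=admin,ou=Roles,o=Jetspeed,o=sevenSeas
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: cn=Alice,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
member: cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas
"""

# Subset of the override.properties keys from the post (values copied verbatim).
OVERRIDE_PROPERTIES = """\
ldap.base=o=sevenSeas
ldap.user.searchBase=o=Jetspeed
ldap.user.filter=(objectclass=person)
ldap.role.searchBase=ou=Roles,o=Jetspeed
ldap.role.filter = (objectClass=groupOfUniqueNames)
"""

DAVID_DN = "cn=David,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas"
ALICE_DN = "cn=Alice,o=Peoples,o=SanFrancisco,o=Jetspeed,o=sevenSeas"


def parse_properties(text):
    """Parse key=value lines (Java .properties subset); comments and blanks ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def normalize_dn(dn):
    """Comparison form of a DN: no whitespace around commas, case-folded."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Minimal LDIF -> {normalized dn: {attr_lower: [values]}}; no base64/continuations."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(normalize_dn(value), defaultdict(list))
        elif current is not None:
            current[attr].append(value)
    return entries


def dn_under(dn, base):
    """True if dn is base or lies beneath it (suffix match on an RDN boundary)."""
    dn, base = normalize_dn(dn), normalize_dn(base)
    return dn == base or dn.endswith("," + base)


def search_base(props, key):
    """Assumed composition rule: <key> relative to ldap.base, as the poster observed
    (o=Jetspeed + o=sevenSeas -> o=Jetspeed,o=sevenSeas)."""
    return ",".join(p.strip() for p in (props[key] + "," + props["ldap.base"]).split(","))


def matches_filter(entry, ldap_filter):
    """Only the simple (attr=value) filters used in the post are supported."""
    m = re.fullmatch(r"\(\s*([\w.-]+)\s*=\s*([^)]+)\)", ldap_filter.strip())
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr, wanted = m.group(1).lower(), m.group(2).strip().lower()
    return any(v.lower() == wanted for v in entry.get(attr, []))


def search(directory, base, ldap_filter):
    """Subtree search (the post's ldap.search.scope=2), returning matching DNs."""
    return [dn for dn, e in directory.items() if dn_under(dn, base) and matches_filter(e, ldap_filter)]


def roles_of_user(directory, props, user_dn, relation_attribute="member", use_from_entity_attribute=False):
    """Role names for user_dn. use_from_entity_attribute=False: look for the user's DN in
    relation_attribute on each role entry ("role member user", the poster's route).
    True: read relation_attribute off the user entry ("user isMemberOf role")."""
    user_dn, attr = normalize_dn(user_dn), relation_attribute.lower()
    role_dns = search(directory, search_base(props, "ldap.role.searchBase"), props["ldap.role.filter"])
    if use_from_entity_attribute:
        listed = {normalize_dn(v) for v in directory.get(user_dn, {}).get(attr, [])}
        role_dns = [dn for dn in role_dns if dn in listed]
    else:
        role_dns = [dn for dn in role_dns if user_dn in {normalize_dn(v) for v in directory[dn].get(attr, [])}]
    return sorted(directory[dn]["cn"][0] for dn in role_dns)


def role_exists(directory, props, role_name):
    """Is there a role entry with this cn under the role base? Models the check behind
    the "The role user does not exist" failure the poster hit at registration."""
    base = search_base(props, "ldap.role.searchBase")
    return any(matches_filter(directory[dn], "(cn=%s)" % role_name)
               for dn in search(directory, base, props["ldap.role.filter"]))


if __name__ == "__main__":
    props, directory = parse_properties(OVERRIDE_PROPERTIES), parse_ldif(SAMPLE_LDIF)
    print("user base:", search_base(props, "ldap.user.searchBase"))
    for dn in (DAVID_DN, ALICE_DN):
        print(dn, "member ->", roles_of_user(directory, props, dn, "member"),
              "uniqueMember ->", roles_of_user(directory, props, dn, "uniqueMember"))
    print("role 'user' exists:", role_exists(directory, props, "user"))
```

Two practitioner caveats the model makes visible. First, `member` is the membership attribute of groupOfNames and `uniqueMember` that of groupOfUniqueNames (RFC 4519), so a server that enforces schema may refuse to add `member` to a groupOfUniqueNames role entry; switching the bean's relationAttribute to uniqueMember, the alternative the poster mentions, is the schema-clean route and needs no hand edits on each role. Second, the override.properties shown binds over plain ldap:// as uid=admin,ou=system with the ApacheDS default password "secret"; that is acceptable for a local demo, but anything reachable by other hosts should use a dedicated bind account over TLS.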