My company recently adopted James 2.3.2 as a low cost mail-server. We were quite impressed with its stability and versatility, however we did have one major problem. We wanted to authenticate users against our existing LDAP store, thus maintaining consistency with other applications in our technology landscape. Apart from the fact that the current LDAP support in James is experimental, it does mandate that certain James specific groups are created in the LDAP server. This did not go down very well with our system/security administrators.
We wanted a user-repository that would simply mirror the information in our LDAP repository and not permit users to be added or changed via the James Admin console. We ended up building this functionality ourselves on top of the 2.3.2 release. We would now like to contribute our aptly named "ReadOnlyLDAPUserRepository" back to the James project.
The source code is attached. For a summary of the features, please see bullet list below:
a.) authentication against LDAP compliant server
b.) group/role based access restriction
c.) read-only feature, thus allowing organizations to manage James users through existing security-admin tools.
e.) allows James to share authentication/authorization infrastructure/repository with the rest of the applications in an IT landscape. Put differently, companies that have already invested in a security infrastructure, can re-use it when adopting James as a mail server.
Please find attached the fully commented source code required for this change. I am happy to provide any additional documentation required for inclusion into the James wiki, or to make any changes to the code required for James v3.