Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.2
    • Fix Version/s: 3.0-M1
    • Labels:
      None
    • Environment:
      LDAP

      Description

      My company recently adopted James 2.3.2 as a low-cost mail server. We were quite impressed with its stability and versatility; however, we did have one major problem. We wanted to authenticate users against our existing LDAP store, thus maintaining consistency with other applications in our technology landscape. Apart from the fact that the current LDAP support in James is experimental, it does mandate that certain James-specific groups are created in the LDAP server. This did not go down very well with our system/security administrators.

      We wanted a user-repository that would simply mirror the information in our LDAP repository and not permit users to be added or changed via the James Admin console. We ended up building this functionality ourselves on top of the 2.3.2 release. We would now like to contribute our aptly named "ReadOnlyLDAPUserRepository" back to the James project.

      The source code is attached. For a summary of the features, please see the bullet list below:
      a.) authentication against an LDAP-compliant server
      b.) group/role-based access restriction
      c.) read-only feature, thus allowing organizations to manage James users through existing security-admin tools.
      e.) allows James to share authentication/authorization infrastructure/repository with the rest of the applications in an IT landscape. Put differently, companies that have already invested in a security infrastructure can re-use it when adopting James as a mail server.

      Please find attached the fully commented source code required for this change. I am happy to provide any additional documentation required for inclusion into the James wiki, or to make any changes to the code required for James v3.

        Activity

        Norman Maurer added a comment -

        in trunk now..

        Mario Zsilak added a comment -

        +1

        I need this kind of stuff in trunk as well
        Thanks Obi and Norman!

        Norman Maurer added a comment -

        I will try to "merge" it to trunk this weekend, seems like it needs some changes..

        Obi Ezechukwu added a comment -

        Source archive containing classes which implement Read-Only LDAP repository.


          People

          • Assignee:
            Norman Maurer
            Reporter:
            Obi Ezechukwu
          • Votes:
            0
            Watchers:
            0
