[JS2-491] Enhance J2 LDAP Security Documentation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1-dev
Fix Version/s: 2.1-dev, 2.1
Component/s: Security
Labels:
None

Description

From Davy De Waele email to the list:

Judging from the recent activity on the mailing list I noticed some
interest in using LDAP & Jetspeed

Some thoughts come to mind:

1. The instructions located at
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/ldap
.html are really only applicable for people who are building jetspeed
from source.
Due to the fact that the security-spi-ldap*.xml files shown there are
coming from SVN (interface changes, additional objects in the
configuration files that are not in the 2.0 binary release), users who
have installed jetspeed2 via the installer attempting to follow these
instructions will run into configuration issues.

What would be the best way to address this?

I think we should make a difference between users who are familiar with
Maven, SVN, compiling/building/deploying, and users who just want to
get
the thing up & running using the installer.

Shouldn't we put this information into perspective by:

a) Clearly indicating that this is only intended for people building
from source
b) Provide an additional manual on what needs to be done starting from
a
binary release (2.0 version)

The user would have to

copy the security-spi-ldap*.xml files (we provide
downloadable spring XML files acting as examples)
remove their default security-spi-atn.xml
restart tomcat
preparing their LDAP server

As far as LDAP support goes, we should provide instructions on how
existing LDAP servers can be used with jetspeed. We can also provide
downloadable schema files & LDIF sample data for all major vendors +
documentation)

I could provide such manuals for OpenLDAP,SunDS and ApacheDS.

2. The major problem that users will be facing today is that encrypted
passwords are not supported in the jetspeed2.0 release. Given that this
functionality has been committed to the codebase, how do you feel
towards providing a downloadable JAR file to users that would act as a
replacement for their current jetspeed-security-2.0.jar - doesn't have
to be anything official, could be included as a link in the
documentation)

The user would have to

replace his jetspeed-security-2.0.jar
restart tomcat

The user would have support for encrypted passwords and group/role
membership via LDAP.

3. OpenLDAP schema file

I had to add groupOfUniqueNames as a parent to the jetspeed-2-group and
jetspeed-2-role objectClasses in order for the group/role assignment to
work in OpenLDAP.
ApacheDS doesn't really care when objects are created in the LDAP tree
containing attributes that aren't defined in the LDAP schema. OpenLDAP
does I've attached the new jetspeed.schema file.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

jetspeed-ldap-final.patch
16/Sep/06 08:45
217 kB
Davy De Waele
ldap_patch_with_jdk_fix.patch
26/Oct/06 19:40
326 kB
Davy De Waele
jetspeed2-ldap-11102006.patch
11/Nov/06 16:08
378 kB
Davy De Waele
jetspeed LDAP.doc
11/Nov/06 16:11
655 kB
Davy De Waele

Issue Links

is depended upon by

JS2-567 "Invalid password" when trying log in to jetspeed-2 portal using domino ldap authentication

Closed

Activity

People

Assignee:: Ate Douma

Reporter:: David LeStrat

Votes:: 2 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 07/Feb/06 08:38

Updated:: 02/May/13 02:29

Resolved:: 08/Dec/06 01:57