Hi,

After having a look at the LDAP Configuration section on the Apache website, I decided to connect my Sun Directory Server to my Jetspeed2 installation.
After fiddling around with the LDAP schema, Jetspeed source code & Spring configuration, I managed to get certain things up & running.

My general question, besides the one below, is if there is some kind of roadmap or planning when it comes to extending the LDAP support in the Jetspeed security module?

SecurityHandlers
----------------
When I downloaded the jetspeed distribution, the authorization config (security-spi-atz.xml) didn't use any LDAP specific SecurityHandlers. (The codebase does contain handlers for credentials, groups and users, but apparently lacks support for roles).

Is it correct that there is a dependency between the SecurityHandlers and the SecurityMapper? I had the impression that during the creation of the groups, everything was stored correctly in LDAP, but when it came to assigning those groups to users, Jetspeed expected to find the groups in the database, and didn't bother to check the LDAP.

SecurityMappers
---------------
So after replacing the default handlers with LDAP specific handlers, I tried using the LdapSecurityMapper instead of the DefaultSecurityMapper.

A few hiccups aside, everything seemed to be working pretty well. I was able to store users/groups in LDAP, and even managed to get the group assignment working through the LdapSecurityMapper. However, the fact that the role part was unimplemented rendered this solution unusable for now.

Encrypted passwords in LDAP
---------------------------
The Sun Directory Server stores encrypted passwords. Jetspeed doesn't have any means to decrypt them, so the only way to authenticate a user is to use the encrypted password string from LDAP, and use that to perform a login. What are the plans to handle this?

Using uniqueMember or memberOf attributes
-----------------------------------------
Assigning users to groups/roles apparently depends on the j2-group/j2-role multi-value attributes that are stored on the user level. Are there any plans to support uniqueMember, or memberOf attributes?
This would facilitate the integration of existing corporate LDAP trees with Jetspeed.

To conclude this, I would just like to say that the first time I ever encountered Jetspeed was about 4 years ago when we evaluated it for a portal based solution. Unfortunately, the project at the time wasn't nearly as mature as it is now, and it also suffered tremendous performance issues. It's great to see how the project has evolved! Keep up the good work!

Greetings,
Davy
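
The two open points in the message above (stored passwords that cannot be read back, and group membership held in uniqueMember on the group entry) are commonly handled with a bind-based check and a group search. The following is an added example using plain JNDI, not code from the original post or from Jetspeed; the server URL, the group base DN and the groupOfUniqueNames object class are assumptions.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBindExample {
    // Assumed values for illustration. LDAPS is used because a simple bind sends the password as-is.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String GROUP_BASE = "ou=groups,dc=example,dc=com";

    /** Bind as the user so the directory compares the password with its stored value. */
    static DirContext bind(String userDn, char[] password) throws NamingException {
        // An empty password makes a simple bind unauthenticated, which many servers accept.
        if (password == null || password.length == 0) throw new AuthenticationException("empty password");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // throws AuthenticationException on bad credentials
    }

    /** DNs of groups whose uniqueMember lists userDn; JNDI escapes {0}, so the DN cannot alter the filter. */
    static List<String> groupsOf(DirContext ctx, String userDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"});
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> results = ctx.search(GROUP_BASE,
                "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))", new Object[] {userDn}, sc);
        try {
            while (results.hasMore()) groups.add(results.next().getNameInNamespace());
        } finally { results.close(); }
        return groups;
    }

    public static void main(String[] args) throws NamingException {
        // args[0] is the user DN; the password is read from an interactive console, not from argv.
        DirContext ctx = bind(args[0], System.console().readPassword("Password for %s: ", args[0]));
        try { System.out.println(groupsOf(ctx, args[0])); } finally { ctx.close(); }
    }
}
```

The client never reads userPassword here, so the storage scheme used by the directory does not matter to the application.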
