[ https://issues.apache.org/jira/browse/JS2-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma updated JS2-1143:
---------------------------
Description:
The new LdapUserPasswordCredentialManager can be used as a replacement of the
standard (db only) UserPasswordCredentialManager and automatically handle LDAP
based authentication.
When using this LdapUserPasswordCredentialManager the
LdapAuthenticationProvider does not need to be configured (it still remains
useful with read-only LDAP configurations).
Also the PasswordCredentials maintenance is handled as a wrapped/layered
solution on top of the standard database, supporting creation/updating of LDAP
passwords as well as simultaneously tracking them in the database.
For the LDAP password encoding a new LdapCredentialPasswordEncoder is provided
which supports (Unix) CRYPT, SHA, SSHA, MD5 and SMD5 hashing.
This LDAP password encoder can also be used for the database persistent
storage, or an alternative encoder can be configured.
The encoding algorithms have been borrowed and adapted from the Apache
Directory Studio project.
As the LdapUserPasswordCredentialManager fully supports the
UserPasswordCredentialPolicyManager (with regard to the *database*
representation of the PasswordCredential), all features like credential
pre/post processing, (custom) password validation interceptors, etc. can be
leveraged for LDAP too.
Also, changing a password can be configured to be executed through the
administrative LDAP account (default) or only by the current user itself. The
latter is useful for LDAP environments which enforce this as a requirement.
Note: this implementation does *not* support Active Directory, which requires
special (additional) handling, but the needed "hooks" are already provided to
support extending this implementation for that purpose.
was:
The new LdapUserPasswordCredentialManager can be used as a replacement of the
standard (db only) UserPasswordCredentialManager and automatically handle LDAP
based authentication.
When using this LdapUserPasswordCredentialManager the
LdapAuthenticationProvider does not need to be configured (it still remains
useful with read-only LDAP configurations).
Also the PasswordCredentials maintenance is handled as a wrapped/layered
solution on top of the standard database, supporting creation/updating of LDAP
passwords as well as simultaneously tracking them in the database.
For the LDAP password encoding a new LdapCredentialPasswordEncoder is provided
which supports (Unix) CRYPT, SHA, SSHA, MD5 and SMD5 hashing.
This LDAP password encoder can also be used for the database persistent
storage, or an alternative encoder can be configured.
As the LdapUserPasswordCredentialManager fully supports the
UserPasswordCredentialPolicyManager (with regard to the *database*
representation of the PasswordCredential), all features like credential
pre/post processing, (custom) password validation interceptors, etc. can be
leveraged for LDAP too.
Also, changing a password can be configured to be executed through the
administrative LDAP account (default) or only by the current user itself. The
latter is useful for LDAP environments which enforce this as a requirement.
Note: this implementation does *not* support Active Directory, which requires
special (additional) handling, but the needed "hooks" are already provided to
support extending this implementation for that purpose.
> New LDAP UserPasswordCredentialManager providing LDAP authentication,
> maintenance of LDAP credentials and UserPasswordCredentialPolicyManager
> support
> -----------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: JS2-1143
> URL: https://issues.apache.org/jira/browse/JS2-1143
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: LDAP, Security
> Affects Versions: 2.2.0
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.1
>
>
--
This message is automatically generated by JIRA.
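
Added example, not part of the original JIRA message and not Jetspeed's code: the SHA, SSHA, MD5 and SMD5 schemes named in the description, as they are commonly stored in an LDAP userPassword attribute ({SCHEME}base64(digest || salt)), with verification that recovers the salt from the stored value and compares in constant time. The class and method names are hypothetical, the layout is assumed to match what LdapCredentialPasswordEncoder emits, and CRYPT is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

// Hypothetical demo class (an assumption for illustration, not LdapCredentialPasswordEncoder).
public class LdapHashDemo {

    // Builds "{SCHEME}base64(digest || salt)"; the salt is empty for the unsalted SHA and MD5 schemes.
    static String encode(String scheme, String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance(scheme.endsWith("SHA") ? "SHA-1" : "MD5");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] digest = md.digest();
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(out);
    }

    // Recovers the salt from the stored value, recomputes the hash and compares in constant time.
    static boolean verify(String stored, String candidate) throws Exception {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) return false;
        String scheme = stored.substring(1, close).toUpperCase(Locale.ROOT);
        if (!Arrays.asList("SHA", "SSHA", "MD5", "SMD5").contains(scheme)) return false;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(stored.substring(close + 1)); }
        catch (IllegalArgumentException e) { return false; }   // malformed base64 never matches
        int digestLen = scheme.endsWith("SHA") ? 20 : 16;      // SHA-1 is 20 bytes, MD5 is 16
        if (raw.length < digestLen) return false;
        byte[] salt = Arrays.copyOfRange(raw, digestLen, raw.length);
        byte[] expected = Base64.getDecoder().decode(encode(scheme, candidate, salt).substring(close + 1));
        return MessageDigest.isEqual(raw, expected);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String stored = encode("SSHA", "constructed-sample-pw", salt);     // constructed sample input
        System.out.println(stored);
        System.out.println(verify(stored, "constructed-sample-pw"));       // matching password
        System.out.println(verify(stored, "wrong-pw"));                    // non-matching password
        System.out.println(verify(encode("MD5", "x", new byte[0]), "x"));  // unsalted scheme, empty salt
    }
}
```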