[
https://issues.apache.org/jira/browse/JS2-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma resolved JS2-1143.
----------------------------
Resolution: Fixed
Implemented
> New LDAP UserPasswordCredentialManager providing LDAP authentication,
> maintenance of LDAP credentials and UserPasswordCredentialPolicyManager
> support
> -----------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: JS2-1143
> URL: https://issues.apache.org/jira/browse/JS2-1143
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: LDAP, Security
> Affects Versions: 2.2.0
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.1
>
>
> The new LdapUserPasswordCredentialManager can be used as a replacement for the
> standard (db only) UserPasswordCredentialManager and automatically handles
> LDAP based authentication.
> When using this LdapUserPasswordCredentialManager the
> LdapAuthenticationProvider does not need to be configured (it still remains
> useful with readonly LDAP configurations).
> Also the PasswordCredentials maintenance is handled as a wrapped/layered
> solution on top of the standard database, supporting creation/updating of
> LDAP passwords as well as simultaneously tracking them in the database.
> For the LDAP password encoding a new LdapCredentialPasswordEncoder is
> provided which supports (Unix) CRYPT, SHA, SSHA, MD5 and SMD5 hashing.
> This LDAP password encoder can also be used for the database persistent
> storage, or an alternative encoder can be configured.
> The encoding algorithms have been borrowed and adapted from the Apache
> Directory Studio project.
> As the LdapUserPasswordCredentialManager fully supports the
> UserPasswordCredentialPolicyManager (with regards to the *database*
> representation of the PasswordCredential), all features like credential
> pre/post processing, (custom) password validation interceptors, etc. can be
> leveraged for LDAP too.
> Also, changing a password can be configured to be executed through the
> administrative LDAP account (default) or only by the current user itself. The
> latter is useful for LDAP environments which enforce this as a requirement.
> Note: this implementation does *not* support Active Directory which requires
> special (additional) handling, but the needed "hooks" are already provided to
> support extending this implementation for that purpose.
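The `{SCHEME}` value format behind the SHA, SSHA, MD5 and SMD5 LDAP password schemes named in the description, as an added example that is not part of the original message and is not Jetspeed's LdapCredentialPasswordEncoder. The class name `LdapPasswordSchemes`, its method names and the 8-byte salt length are assumptions, and CRYPT is left out because the JDK has no crypt(3).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
// Hypothetical helper class for illustration; not the Jetspeed encoder.
public class LdapPasswordSchemes {
    // Maps an LDAP scheme name to the JCA digest it is built on.
    private static String algorithm(String scheme) {
        if (scheme.equals("SHA") || scheme.equals("SSHA")) return "SHA-1";
        if (scheme.equals("MD5") || scheme.equals("SMD5")) return "MD5";
        throw new IllegalArgumentException("unsupported scheme: " + scheme);
    }

    private static byte[] digest(String scheme, String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm(scheme));
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt); // zero-length for the unsalted schemes
        return md.digest();
    }

    // Produces "{SCHEME}" + base64(digest || salt); salted schemes get a fresh random salt.
    public static String encode(String scheme, String password) throws Exception {
        byte[] salt = new byte[scheme.equals("SSHA") || scheme.equals("SMD5") ? 8 : 0];
        new SecureRandom().nextBytes(salt);
        byte[] hash = digest(scheme, password, salt);
        byte[] out = Arrays.copyOf(hash, hash.length + salt.length);
        System.arraycopy(salt, 0, out, hash.length, salt.length);
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(out);
    }

    // Splits the stored value, takes the salt from the tail, recomputes, compares in constant time.
    public static boolean verify(String stored, String candidate) throws Exception {
        int end = stored.indexOf('}');
        if (!stored.startsWith("{") || end < 0) return false;
        String scheme = stored.substring(1, end).toUpperCase(java.util.Locale.ROOT);
        byte[] raw = Base64.getDecoder().decode(stored.substring(end + 1));
        int hashLen = MessageDigest.getInstance(algorithm(scheme)).getDigestLength();
        if (raw.length < hashLen) return false; // truncated value: reject rather than compare
        byte[] salt = Arrays.copyOfRange(raw, hashLen, raw.length);
        return MessageDigest.isEqual(Arrays.copyOf(raw, hashLen), digest(scheme, candidate, salt));
    }

    public static void main(String[] args) throws Exception {
        String stored = encode("SSHA", "constructed-sample-password"); // constructed input
        System.out.println(stored + " -> " + verify(stored, "constructed-sample-password"));
    }
}
```

With the unsalted SHA and MD5 schemes, two accounts with the same password store the same value; SSHA and SMD5 differ per account because the salt is appended to the digest before base64 encoding.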