There is also an ldif file in the jetspeed source directory
etc/apacheds called j2-apacheds.ldif

Phil

On 8/2/06, O'Connell, Iain <[EMAIL PROTECTED]> wrote:
Hi Folks,

After some trial and error I came up with the following security
authorization configuration.  Also I've included the contents of an ldif
file which should help to get this up and running.

Cheers,

Iain

<!-- security-spi-atz -->

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- ************** Security SPI Handlers ************** -->
  <!-- Security SPI: LdapUserCredentialDao -->
  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao"
        class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl">
    <constructor-arg index="0">
      <ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: LdapPrincipalDao -->
  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"
        class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl">
    <constructor-arg index="0">
      <ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: CredentialHandler -->
  <bean id="org.apache.jetspeed.security.spi.CredentialHandler"
        class="org.apache.jetspeed.security.spi.impl.LdapCredentialHandler">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: UserSecurityHandler -->
  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler"
        class="org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: GroupSecurityHandler -->
  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDao"
        class="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl">
    <constructor-arg index="0">
      <ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/>
    </constructor-arg>
  </bean>
</beans>

<!-- /security-spi-atz -->

The ldif for my LDAP looks like this:  Note that I used OpenLDAP and there
were some problems with inherited mandatory attributes that you need to
watch out for:
<!-- ldif -->
dn: dc=foo,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
objectClass: person
dc: root
o: root
description: root DIT
sn: root
cn: root

dn: ou=users,dc=foo,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit

dn: uid=admin,ou=users,dc=foo,dc=com
objectClass: jetspeed-2-user
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: uidObject
objectClass: person
objectClass: top
cn: admin
ou: users
sn: admin
uid: admin
userPassword: admin
j2-role: admin

dn: ou=groups,dc=foo,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups
description: groups

dn: ou=roles,dc=foo,dc=com
objectClass: top
objectClass: organizationalUnit
ou: roles
description: roles

dn: cn=admin,ou=roles,dc=foo,dc=com
uid: admin
cn: admin
ou: roles
objectClass: jetspeed-2-role
objectClass: top
objectClass: uidObject

<!-- /ldif -->

Thanks to Michael Kearns for his input also!

-----Original Message-----
From: O'Connell, Iain [mailto:[EMAIL PROTECTED]
Sent: 01 August 2006 17:16
To: 'Jetspeed Users List'
Subject: security-spi-atz.xml for LDAP


Hi Folks,

If anybody has a sample of the security-spi-atz.xml Spring config file
working for LDAP authorization (group and role) would they mind posting it
please?

Thanks,

Iain




--
Philip Donaghy
donaghy.blogspot.com del.icio.us/donaghy/philip
Skype: philipmarkdonaghy
Office: +33 5 56 60 88 02
Mobile: +33 6 20 83 22 62
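
An added example, not part of the original thread or the Jetspeed sources: a small Python check for the two things an LDIF like the one above should be screened for before loading, MUST attributes inherited from a superior objectClass and `userPassword` values stored without a hash scheme. The `SCHEMA` table covers only standard classes, and the function names and the sample entry are constructed for illustration.

```python
# class -> (superior, MUST attributes) per RFC 4519 / RFC 2798; custom classes are skipped.
SCHEMA = {
    "person": ("top", {"sn", "cn"}),
    "organizationalperson": ("person", set()),
    "inetorgperson": ("organizationalperson", set()),
    "organization": ("top", {"o"}),
    "organizationalunit": ("top", {"ou"}),
    "dcobject": ("top", {"dc"}),
    "uidobject": ("top", {"uid"}),
}

# Constructed sample entry (not from the thread): sn is missing, password is cleartext.
SAMPLE = """dn: uid=demo,ou=users,dc=foo,dc=com
objectClass: inetOrgPerson
objectClass: jetspeed-2-user
cn: demo
userPassword: demo
"""

def parse_ldif(text):
    """Yield entries from simple LDIF (assumes no folded lines, no base64 '::' values)."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def required_attrs(object_class):
    """Return the MUST attributes of a class, including inherited ones."""
    needed, name = set(), object_class.lower()
    while name in SCHEMA:
        name, must = SCHEMA[name]  # step up to the superior class
        needed |= must
    return needed

def audit(text):
    """Return sorted (dn, problem) tuples for the entries in an LDIF text."""
    findings = set()
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        for oc in entry.get("objectclass", []):
            for attr in required_attrs(oc) - set(entry):
                findings.add((dn, f"missing MUST attribute {attr}"))
        if any(not v.startswith("{") for v in entry.get("userpassword", [])):
            findings.add((dn, "userPassword has no {SCHEME} hash prefix"))
    return sorted(findings)
```

Call `audit()` on the text of an LDIF file before importing it; an empty list means nothing was flagged.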
