Thanks, yes this is an extended version of that ldif file with extra entries
for roles/groups etc and the admin role included to help get somebody
starting to get off the ground faster.

Cheers,

Iain

-----Original Message-----
From: Philip Mark Donaghy [mailto:[EMAIL PROTECTED] 
Sent: 02 August 2006 10:58
To: Jetspeed Users List
Subject: Re: security-spi-atz.xml for LDAP


There is also an ldif file in the jetspeed source directory
etc/apacheds called j2-apacheds.ldif

Phil

On 8/2/06, O'Connell, Iain <[EMAIL PROTECTED]> wrote:
> Hi Folks,
>
> After some trial and error I came up with the following security
> authorization configuration.  Also I've included the contents of an ldif
> file which should help to get this up and running.
>
> Cheers,
>
> Iain
>
> <!-- security-spi-atz -->
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
> Copyright 2004 The Apache Software Foundation
>
> Licensed under the Apache License, Version 2.0 (the "License");
> you may not use this file except in compliance with the License.
> You may obtain a copy of the License at
>
>     http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <beans>
>
>   <!-- ************** Security SPI Handlers ************** -->
>   <!-- Security SPI: LdapUserCredentialDao -->
>   <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao"
>         class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl">
>     <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>
>   </bean>
>
>   <!-- Security SPI: LdapPrincipalDao -->
>   <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"
>         class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl">
>     <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>
>   </bean>
>
>   <!-- Security SPI: CredentialHandler -->
>   <bean id="org.apache.jetspeed.security.spi.CredentialHandler"
>         class="org.apache.jetspeed.security.spi.impl.LdapCredentialHandler">
>     <constructor-arg><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao"/></constructor-arg>
>   </bean>
>
>   <!-- Security SPI: UserSecurityHandler -->
>   <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler"
>         class="org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler">
>     <constructor-arg><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"/></constructor-arg>
>   </bean>
>
>   <!-- Security SPI: GroupSecurityHandler -->
>   <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDao"
>         class="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl">
>     <constructor-arg index="0">
>       <ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/>
>     </constructor-arg>
>   </bean>
> </beans>
>
> <!-- /security-spi-atz -->
>
> The ldif for my LDAP looks like this:  Note that I used OpenLDAP and there
> were some problems with inherited mandatory attributes that you need to
> watch out for:
> <!-- ldif -->
> dn: dc=foo,dc=com
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> objectClass: person
> dc: root
> o: root
> description: root DIT
> sn: root
> cn: root
>
> dn: ou=users,dc=foo,dc=com
> ou: users
> objectClass: top
> objectClass: organizationalUnit
>
> dn: uid=admin,ou=users,dc=foo,dc=com
> objectClass: jetspeed-2-user
> objectClass: inetorgperson
> objectClass: organizationalPerson
> objectClass: uidObject
> objectClass: person
> objectClass: top
> cn: admin
> ou: users
> sn: admin
> uid: admin
> userPassword: admin
> j2-role: admin
>
> dn: ou=groups,dc=foo,dc=com
> objectClass: top
> objectClass: organizationalUnit
> ou: groups
> description: groups
>
> dn: ou=roles,dc=foo,dc=com
> objectClass: top
> objectClass: organizationalUnit
> ou: roles
> description: roles
>
> dn: cn=admin,ou=roles,dc=foo,dc=com
> uid: admin
> cn: admin
> ou: roles
> objectClass: jetspeed-2-role
> objectClass: top
> objectClass: uidObject
>
> <!-- /ldif -->
>
> Thanks to Michael Kearns for his input also!
>
> -----Original Message-----
> From: O'Connell, Iain [mailto:[EMAIL PROTECTED]
> Sent: 01 August 2006 17:16
> To: 'Jetspeed Users List'
> Subject: security-spi-atz.xml for LDAP
>
>
> Hi Folks,
>
> If anybody has a sample of the security-spi-atz.xml Spring config file
> working for LDAP authorization (group and role) would they mind posting it
> please?
>
> Thanks,
>
> Iain
>
>


-- 
Philip Donaghy
donaghy.blogspot.com del.icio.us/donaghy/philip
Skype: philipmarkdonaghy
Office: +33 5 56 60 88 02
Mobile: +33 6 20 83 22 62
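
The LDIF quoted above seeds `uid=admin` with a `userPassword` stored in the clear and equal to the account name. A check that can be run over an LDIF before it is loaded, as an added example that is not part of the thread (the function names and the `alice` entry with its `{SSHA}` placeholder value are constructed for illustration):

```python
import base64
import re

# Constructed sample: the admin entry from the message (trimmed) plus a hashed
# entry whose {SSHA} value is a made-up placeholder, not a real hash.
SAMPLE_LDIF = """\
dn: uid=admin,ou=users,dc=foo,dc=com
uid: admin
userPassword: admin
j2-role: admin

dn: uid=alice,ou=users,dc=foo,dc=com
uid: alice
userPassword: {SSHA}Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
"""

SCHEME = re.compile(r"^\{([A-Za-z0-9_-]+)\}")  # storage-scheme prefix, e.g. {SSHA}

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding and '::' base64."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 continuation lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit_passwords(text):
    """Return (dn, finding) pairs for passwords stored without a hash scheme."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for pw in attrs.get("userpassword", []):
            m = SCHEME.match(pw)
            if m and m.group(1).upper() not in ("CLEAR", "CLEARTEXT"):
                continue  # value carries a hash scheme prefix
            findings.append((dn, "cleartext userPassword"))
            plain = pw[m.end():] if m else pw
            if plain in attrs.get("uid", []) + attrs.get("cn", []):
                findings.append((dn, "password equals account name"))
    return findings
```

`audit_passwords(SAMPLE_LDIF)` reports both findings for the admin entry and nothing for the hashed one.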
