Thanks for the reply, Aysegul. Yeah, I can handle the source code so when we upgrade to 2.2 I'll take a crack at it and contribute the patch.
We're currently on 2.1.3 and I've been working on modifying the source code to add these features. But if it was already done in 2.2, then we would hold off until we upgrade. Since I'm almost done, I'll probably continue with the modifications for 2.1.3 but since the security APIs have been refactored, I will no doubt have to redo my implementation from scratch when we upgrade... On Fri, Oct 9, 2009 at 2:35 AM, Aysegul Aydin <[email protected]> wrote: > Hi, > > We haven't used password interceptors but as far as I could trace the source > code, I think that they are not used in case of LDAP authentication. > But, if you can handle java source code, you can add the functionality > yourself. Just take a look at the default authentication implementation > (org.apache.jetspeed.security.impl.DefaultAuthenticationProvider and > org.apache.jetspeed.security.impl.UserPasswordCredentialPolicyManagerImpl > classes namely. Check authenticate method of the > UserPasswordCredentialPolicyManagerImpl . You can see that (registered) > password interceptors are being called inside that method). You can register > the interceptor you are interested with Spring and call it in authenticate > method of org.apache.jetspeed.security.impl.LdapAuthenticationProvider class. > > Alternatively you can file a bug report about this. Maybe a patch will be > generated by Jetspeed team. But keep in mind that LDAP integration is not one > of their priorities, so if you can handle it yourself give it a try. > > Good luck, > Aysegul. > > > ________________________________ > From: Aaron Evans <[email protected]> > To: Jetspeed Users List <[email protected]> > Sent: Thursday, October 8, 2009 6:55:12 PM > Subject: Re: LDAP and User Passwords > > Aysegul, > > I'm considering upgrading to 2.2 and using your patch to get password > synchronization working. > > I have a question though: do you know if the password credential > interceptors are supported when you use LDAP? > > In particular, I'm looking to use the > MaxPasswordAuthenticationFailuresInterceptor implementation of > InternalPasswordCredentialInterceptor... > > thanks, > aaron > > On Mon, Jun 29, 2009 at 7:25 AM, Aysegul Aydin <[email protected]> wrote: >> >> Hi, >> >> I implemented the password synchronization for LDAP. I created a JIRA issue >> and attached my custom implementation (java source code and configuration >> files) to the issue. For those who need the same functionality, please refer >> to JIRA issue https://issues.apache.org/jira/browse/JS2-1037 . >> >> PS. My solution stores the users' passwords in LDAP as well as the database. >> So, I use the current password credential storage and access managers to >> store and retrieve the passwords to / from the database. My implementation >> stores the passwords in LDAP when they are first created or changed. It does >> not include password retrieval code from LDAP, since the database access >> manager provides that part. My implementation uses a password encoder that >> does the password encoding just the same way as LDAP. It's not a good >> solution regarding security constraints. But in our environment, LDAP server >> and portal server will reside in a LAN, so security is not a big concern. >> >> Regards, >> Aysegul. >> >> >> >> ----- Original Message ---- >> From: Aysegul Aydin <[email protected]> >> To: Jetspeed Users List <[email protected]> >> Sent: Friday, June 26, 2009 2:11:16 PM >> Subject: Re: LDAP and User Passwords >> >> >> Hi, >> >> We need this integration so I will be implementing this feature. I took a >> look at the current PasswordCredential management source codes. I figured >> out that I should implement UserPasswordCredentialAccessManager and >> UserPasswordCredentialStorageManager interfaces. Would that be sufficient? >> >> Regards, >> Aysegul. >> >> >> >> ----- Original Message ---- >> From: Ate Douma <[email protected]> >> To: Jetspeed Users List <[email protected]> >> Sent: Thursday, June 25, 2009 10:50:09 AM >> Subject: Re: LDAP and User Passwords >> >> Vivek Kumar wrote: >>> Hi >>> >>> You are not missing any thing, The problem is that, we don't have user >>> credential handler for Ldap in jetspeed 2.2.0. >> True. >> Our current users for the LDAP integration haven't had (yet) the need to >> create user credetials from Jetspeed and storing it back into LDAP. >> >>> Please create an jira issue for tracking this problem. >> Our available cycles and the priority for this are a little low right now, >> but if you can come up with an implementation and provide a JIRA patch, we'd >> be happy to incorporate this in Jetspeed! >> >> Regards, >> >> Ate >> >>> >>> Vivek >>> >>> >>> Aysegul Aydin wrote: >>>> Hi, >>>> >>>> I'm testing the LDAP integration of JetSpeed 2.2.0 with ApacheDS. I >>>> managed to successfully integrate LDAP with JetSpeed. However, I have a >>>> problem with user creation. When I create a new user in JetSpeed portal, >>>> newly created user's password is not set to LDAP. A new user entry is >>>> created in LDAP without a problem but its password attribute is not >>>> created. Am I missing something that does this password synchronization? >>>> >>>> Aysegul Aydin. >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
