I'm still working on ldap, not far from the end :-)

I am currently mapping our ldap definition with jetspeed. Indeed, we have
our own ldap schema that I have to use.
It works fine, but I have a question about ldap beans mechanisms.

For instance, we don't use uid.
Our id is BnfIdentifiant, we use also cn attribute (not mandatory)

First I've changed the override.properties file to construct the appropriate
filter to retrieve the ldap user (search on attribute BnFIdentifier).
That's classic stuff.
After that, I couldn't log in, so I've changed the security-ldap.xml file. In
particular, I've changed:
_ relationships between role and users, groups and users... (We don't use
member, but bnfmember, don't ask me why :-)
_ UserDaoConfiguration: It contains a list of attribute mappings on ldap
(cn, sn, uid...)
        I've changed it to BnFIdentifiant, and login works !!! (Yes !!!!)
But is that not dangerous? Will jetspeed still work? Is there an
unexpected side effect?

Original definition of UserDaoConfiguration:
    <property name="ldapIdAttribute" value="uid" />
    <property name="objectClasses" value="inetOrgPerson,organizationalPerson,person,top"/>
    <property name="attributeDefinitions">
      <set>
        <bean class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
          <constructor-arg index="0" value="uid" />
          <constructor-arg index="1" value="false" />
          <constructor-arg index="2" value="false" />
          <property name="required" value="true"/>
          <property name="idAttribute" value="true"/>
        </bean>
        <bean class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
          <constructor-arg index="0" value="cn" />
          <constructor-arg index="1" value="false" />
          <constructor-arg index="2" value="false" />
          <property name="required" value="true"/>
          <property name="idAttribute" value="true"/>
        </bean>
...
Modified one:
    <property name="ldapIdAttribute" value="BnFIdentifiant" />
    <property name="objectClasses" value="inetOrgPerson,organizationalPerson,person,top"/>
    <property name="attributeDefinitions">
      <set>
        <bean class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
          <constructor-arg index="0" value="BnFIdentifiant" />
          <constructor-arg index="1" value="false" />
          <constructor-arg index="2" value="false" />
          <property name="required" value="true"/>
          <property name="idAttribute" value="true"/>
        </bean>
        <bean class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
          <constructor-arg index="0" value="cn" />
          <constructor-arg index="1" value="false" />
          <constructor-arg index="2" value="false" />
          <property name="required" value="true"/>
          <property name="idAttribute" value="true"/>
        </bean>
        <bean class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
          <constructor-arg index="0" value="BnFIdentifiant" />
          <constructor-arg index="1" value="false" />
          <constructor-arg index="2" value="false" />
          <property name="required" value="true"/>
          <property name="idAttribute" value="true"/>
        </bean>
...


Regards,
-----------------------------------------------
Jérôme Dupont
Bibliothèque Nationale de France
Département des Systèmes d'Information
Tour T3 - Quai François Mauriac
75706 Paris Cedex 13
telephone: 33 (0)1 53 79 45 40
e-mail: [email protected]
-----------------------------------------------
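
A consistency check for the attribute mapping quoted in the message above, as an added example that is not part of the original post and is not Jetspeed code: it reports whether the ldapIdAttribute value is declared among the AttributeDefImpl beans, which attribute names are defined more than once, and which carry idAttribute=true. The wrapping <bean> element, the names check_mapping and _bean, and the sample are constructed for illustration; the script only reads the XML and assumes nothing about how Jetspeed treats duplicate entries.

```python
import xml.etree.ElementTree as ET
from collections import Counter

ATTR_DEF = "org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl"

def _bean(name):
    # Hypothetical helper: builds one AttributeDefImpl bean for the sample.
    return (f'<bean class="{ATTR_DEF}">'
            f'<constructor-arg index="0" value="{name}"/>'
            '<property name="required" value="true"/>'
            '<property name="idAttribute" value="true"/></bean>')

# Constructed sample: the three beans of the modified configuration in the
# message, wrapped in an assumed outer <bean> so the fragment parses.
SAMPLE = ('<bean><property name="ldapIdAttribute" value="BnFIdentifiant"/>'
          '<property name="attributeDefinitions"><set>'
          + _bean("BnFIdentifiant") + _bean("cn") + _bean("BnFIdentifiant")
          + '</set></property></bean>')

def check_mapping(xml_text):
    """Summarise the id attribute and attribute definitions of a fragment."""
    root = ET.fromstring(xml_text)
    id_attr = next((p.get("value") for p in root.iter("property")
                    if p.get("name") == "ldapIdAttribute"), None)
    names, id_flagged = [], set()
    for bean in root.iter("bean"):
        if bean.get("class") != ATTR_DEF:
            continue
        # constructor-arg index 0 holds the LDAP attribute name in the
        # configuration quoted in the message.
        name = next((a.get("value") for a in bean.findall("constructor-arg")
                     if a.get("index") == "0"), None)
        if not name:
            continue
        key = name.lower()  # LDAP attribute names compare case-insensitively
        names.append(key)
        if any(p.get("name") == "idAttribute" and p.get("value") == "true"
               for p in bean.findall("property")):
            id_flagged.add(key)
    counts = Counter(names)
    return {
        "id_declared": id_attr is not None and id_attr.lower() in counts,
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "id_flagged": sorted(id_flagged),
    }

if __name__ == "__main__":
    print(check_mapping(SAMPLE))
```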

