Andrew, I think adding LDAP Integration into JSPWiki is an excellent idea, though I'd question the need to offer embedded LDAP with JSPWiki. If your goal is to provide this integration specifically for Enterprise users, 99% of the time they will already have an existing LDAP infrastructure they are tying into. In that scenario, you don't need to provide the LDAP database. This makes your life much easier. To be honest, I think simply providing an LdapUserDatabase and LdapGroupDatabase would satisfy most cases you are looking for.
I had thought about doing this for my installation, but was successful in getting my container (WebSphere) to do most of the work for me. I did have to make some modifications to the web.xml to get things to work as expected, but it works like a charm. I still use the File-based user/group databases, but WebSphere assigns the important roles (in my case they are Authenticated, Author, and Admin) based on LDAP Group memberships.

The one hiccup for me that prevents me from using LDAP for group memberships relates to rights. In a large organization, permissions tend to be controlled by an external party (Information Security group, etc). Due to this my JSPWiki application can READ LDAP, but has no authority to modify. Modifications in LDAP require a form submission, approvals, and all that jazz. So using File-based group databases actually allows me to use JSPWiki Groups and ACLs in my Wiki without having to have every little change provisioned separately. To me the separation is a good thing. With that said, I doubt that will be the case for everyone.

I'd be willing to take a crack at putting together user/group databases that interface with LDAP... I was already planning on putting together an ldap-based user database for my installation to eliminate the file-based user database I'm using today.

Joseph Hobbs
Lead Technology Architect
Enabling Technologies : Technical Services
Fifth Third Bank
Phone : (513) 534-5908
Fax : (513) 534-3408
Email : [EMAIL PROTECTED]

-----Original Message-----
From: Andrew Jaquith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2008 3:28 PM
To: [email protected]
Subject: Re: LDAP user database & LoginModule

I was thinking mostly about the fact that LDAP integration (and specifically, Active Directory) is a pretty important thing for enterprises. It seems like something we should just have. I'd prefer not to say "go write your own!" to people who ask. I'd feel guilty knowing that they'd half-ass it. :)

No, I don't see JSPWiki becoming an LDAP *provider.* Just a consumer. Interesting thought though.

On Tue, Dec 9, 2008 at 2:42 PM, Janne Jalkanen <[EMAIL PROTECTED]> wrote:

> Can't say that I have... LDAP is mostly black magic to me anyway :-)
>
> But my +1 for this. Sounds like a good idea. Are you perhaps thinking of
> JSPWiki becoming an LDAP provider for massive wikifarm integration with
> other software as well? ;-)
>
> /Janne
>
> On Dec 9, 2008, at 21:07 , Andrew Jaquith wrote:
>
>> Fellow devs--
>>
>> Anybody experienced with embedded Java LDAP servers like OpenDS? I'd like
>> to see us ship a supported LDAP option for authentication (JAAS LoginModule)
>> and user storage (UserDatabase). Would love to rig up a test harness, like
>> we have with HSQL, as the first step.
>>
>> Anybody able to take this on?
>>
>> Andrew

This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
