[
https://issues.apache.org/jira/browse/JAMES-3905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier updated JAMES-3905:
----------------------------------
Description:
h2. Why
James supports virtual hosting, i.e. managing several domains like linagora.com,
ossa.fr, openpaas.org, etc.
A common setup is to have one LDAP base DN per entity / group of users to
better organise access to apps.
E.g. ou=users,dc=linagora.com,dc=lng and ou=demo,dc=linagora.com,dc=lng, etc.
Today writing such a configuration is really painful and involves more LDAP
filters than it actually should!
h2. What
Address these on-prem multi-hosted setups by updating the LDAP configuration
to allow a per-virtual-hosted-domain base DN.
E.g.:
{code:xml}
<usersrepository name="LocalUsers"
    class="org.apache.james.user.ldap.CombinedUsersRepository"
    ldapHost="${env:OP_JAMES_LDAP_URI}"
    userBase="${env:OP_JAMES_LDAP_BASE_DN}"
    principal="${env:OP_JAMES_LDAP_PRINCIPAL_DN}"
    credentials="${env:OP_JAMES_LDAP_BIND_PW}"
    userIdAttribute="mail"
    userObjectClass="person"
    administratorId="${env:OP_JAMES_ADMINISTRATOR_ID}">
  <enableVirtualHosting>true</enableVirtualHosting>
  <domains>
    <ossa.fr>
      <userBase>ou=user,dc=ossa.fr,dc=lng</userBase>
    </ossa.fr>
  </domains>
</usersrepository>
{code}
- A domain entry is only allowed with virtual hosting. Without it, it throws.
- Upon retrieving a user entry, the domain part is used to see if the LDAP
user base DN should be overridden (searchAndBuildUser).
- Listing operations should also include the domains' extra base DNs (filtered to
only include entries of the concerned domain!)
Create an easy-to-override abstraction for domain -> base DN so that if someone
else wants to make this dynamic, it is possible!
h2. Definition of Done
Unit tests
was:
h2. Why
James supports virtual hosting, i.e. managing several domains like linagora.com,
ossa.fr, openpaas.org, etc.
A common setup is to have one LDAP base DN per entity / group of users to
better organise access to apps.
E.g. ou=users,dc=linagora.com,dc=lng and ou=demo,dc=linagora.com,dc=lng, etc.
Today writing such a configuration is really painful and involves more LDAP
filters than it actually should!
h2. What
Address these on-prem multi-hosted setups by updating the LDAP configuration
to allow a per-virtual-hosted-domain base DN.
E.g.:
{code:xml}
<usersrepository name="LocalUsers"
    class="org.apache.james.user.ldap.CombinedUsersRepository"
    ldapHost="${env:OP_JAMES_LDAP_URI}"
    userBase="${env:OP_JAMES_LDAP_BASE_DN}"
    principal="${env:OP_JAMES_LDAP_PRINCIPAL_DN}"
    credentials="${env:OP_JAMES_LDAP_BIND_PW}"
    userIdAttribute="mail"
    userObjectClass="person"
    administratorId="${env:OP_JAMES_ADMINISTRATOR_ID}">
  <enableVirtualHosting>true</enableVirtualHosting>
  <domains>
    <ossa.fr>
      <userBase>ou=user,dc=ossa.fr,dc=lng</userBase>
    </ossa.fr>
  </domains>
</usersrepository>
{code}
- A domain entry is only allowed with virtual hosting. Without it, it throws.
- Domains (here ossa.fr) need to be managed (in the domain list - note that
the domain list can contain a set of statically configured domains <3)
- Upon retrieving a user entry, the domain part is used to see if the LDAP
user base DN should be overridden (searchAndBuildUser).
- Listing operations should also include the domains' extra base DNs (filtered to
only include entries of the concerned domain!)
Create an easy-to-override abstraction for domain -> base DN so that if someone
else wants to make this dynamic, it is possible!
h2. Definition of Done
Unit tests
> LDAP: have per domain base DNs overrides
> ----------------------------------------
>
> Key: JAMES-3905
> URL: https://issues.apache.org/jira/browse/JAMES-3905
> Project: James Server
> Issue Type: Improvement
> Reporter: Benoit Tellier
> Priority: Major
>
> h2. Why
> James supports virtual hosting, i.e. managing several domains like linagora.com,
> ossa.fr, openpaas.org, etc.
> A common setup is to have one LDAP base DN per entity / group of users to
> better organise access to apps.
> E.g. ou=users,dc=linagora.com,dc=lng and ou=demo,dc=linagora.com,dc=lng, etc.
> Today writing such a configuration is really painful and involves more LDAP
> filters than it actually should!
> h2. What
> Address these on-prem multi-hosted setups by updating the LDAP configuration
> to allow a per-virtual-hosted-domain base DN.
> E.g.:
> {code:xml}
> <usersrepository name="LocalUsers"
>     class="org.apache.james.user.ldap.CombinedUsersRepository"
>     ldapHost="${env:OP_JAMES_LDAP_URI}"
>     userBase="${env:OP_JAMES_LDAP_BASE_DN}"
>     principal="${env:OP_JAMES_LDAP_PRINCIPAL_DN}"
>     credentials="${env:OP_JAMES_LDAP_BIND_PW}"
>     userIdAttribute="mail"
>     userObjectClass="person"
>     administratorId="${env:OP_JAMES_ADMINISTRATOR_ID}">
>   <enableVirtualHosting>true</enableVirtualHosting>
>   <domains>
>     <ossa.fr>
>       <userBase>ou=user,dc=ossa.fr,dc=lng</userBase>
>     </ossa.fr>
>   </domains>
> </usersrepository>
> {code}
> - A domain entry is only allowed with virtual hosting. Without it, it throws.
> - Upon retrieving a user entry, the domain part is used to see if the LDAP
> user base DN should be overridden (searchAndBuildUser).
> - Listing operations should also include the domains' extra base DNs (filtered
> to only include entries of the concerned domain!)
> Create an easy-to-override abstraction for domain -> base DN so that if
> someone else wants to make this dynamic, it is possible!
> h2. Definition of Done
> Unit tests
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
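
The lookup and listing rules from the description above, sketched in Java as an added example (not James code and not written by the issue's author). Class and method names are hypothetical, the user ids are constructed, and the `mail=*@domain` listing filter is an assumption about how entries are restricted to one domain.

```java
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;

// Added illustration; hypothetical names, not part of the James code base.
public class PerDomainBaseDn {
    private final String defaultBase;
    private final Map<String, String> overrides; // lower-cased domain -> base DN

    PerDomainBaseDn(boolean virtualHosting, String defaultBase, Map<String, String> overrides) {
        // A domain entry is only allowed with virtual hosting; otherwise fail at startup.
        if (!virtualHosting && !overrides.isEmpty()) {
            throw new IllegalArgumentException("per-domain userBase requires enableVirtualHosting=true");
        }
        this.defaultBase = defaultBase;
        this.overrides = overrides.entrySet().stream().collect(Collectors.toMap(
            e -> e.getKey().toLowerCase(Locale.ROOT), Map.Entry::getValue));
    }

    // Lookup: the domain part of the user id selects the base DN to search.
    String baseDnFor(String userId) {
        int at = userId.lastIndexOf('@');
        if (at < 1 || at == userId.length() - 1) {
            throw new IllegalArgumentException("virtual hosting expects local@domain");
        }
        String domain = userId.substring(at + 1).toLowerCase(Locale.ROOT);
        return overrides.getOrDefault(domain, defaultBase);
    }

    // Listing under an override base DN: keep only entries of that domain.
    // The domain is escaped per RFC 4515 before it is placed in the filter.
    static String listFilter(String objectClass, String idAttribute, String domain) {
        StringBuilder escaped = new StringBuilder();
        for (char c : domain.toCharArray()) {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == 0) {
                escaped.append(String.format("\\%02x", (int) c));
            } else {
                escaped.append(c);
            }
        }
        return "(&(objectClass=" + objectClass + ")(" + idAttribute + "=*@" + escaped + "))";
    }

    public static void main(String[] args) {
        PerDomainBaseDn r = new PerDomainBaseDn(true, "ou=users,dc=linagora.com,dc=lng",
            Map.of("ossa.fr", "ou=user,dc=ossa.fr,dc=lng"));
        System.out.println(r.baseDnFor("alice@OSSA.fr"));    // constructed user id
        System.out.println(r.baseDnFor("bob@linagora.com")); // falls back to the default base
        System.out.println(listFilter("person", "mail", "ossa.fr"));
    }
}
```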