James, I think it's a great idea; in my opinion it would also really help Slide in a number of applications I am working on too.

On Fri, 21 May 2004 11:09:30 -0700, James Mason <[EMAIL PROTECTED]> wrote:

Here's what I'm hoping to have when I get finished:

1. Tomcat authenticates users against an LDAP repository.
2. Slide authorizes users against an LDAP repository.
3. Slide authorizes groups (or roles) against an LDAP repository.
4. Slide determines group/role membership from user membership in LDAP
groups.

#1 is not an issue with Slide, but I was thinking of configuring Tomcat
to use the SlideRealm and having Slide authenticate against LDAP. This
may not be worth the effort, though.


I have used the JAAS implementation from Slide for this so that I don't have to worry about keeping users up to date in the application server. Thus Jetty (I prefer Jetty over Tomcat) authenticates via JAAS through Slide. Thus all users are managed in Slide. I have also written some admin classes for administrating users. If the store for users is changed to LDAP, this should still play nicely.


For #2 - #4, based on my understanding of Slide, I'm going to need to
create a new Store implementation that talks to LDAP.

Unfortunately I haven't looked at the stores, so I can't add any pointers here.

My questions:
Does anyone see anything I've overlooked (an easier way to do this,
perhaps)?

I think one has to consider what the benefits of using LDAP are as a user store. I would have thought the main benefit is centralisation, single sign-in, that sort of thing. In doing that one would need to use a common schema that all apps authenticating users etc. would support. I have no real experience with LDAP schemas, but I guess the trick here is to use a recognised schema for users and add the extra nodes that Slide would require, remembering that ACLs are quite complicated in Slide. Would these apply outside of Slide, or would each app using LDAP have its own application-specific ACLs? I definitely find the ACLs difficult to get my head around.



Has anyone else done something similar that they wouldn't mind
sharing?
Is there any documentation/postings that would help me write a new
Store? What I've found basically says read the source for the default
stores.

Actually the text stores are probably better to look at than the SQL/J2EE stores as they are more node-like (albeit XML node based). LDAP, I think, has a node-like structure, so the match is good.


The other question would be how you would talk to LDAP: would you use JNDI or specific LDAP libraries? I think JNDI may have a benefit here, plus Slide could also benefit from a little JNDI support. Again, these are not areas of my expertise, just my $0.02, and I would certainly be prepared to help as long as the code was contributed back (i.e. open-sourced).

Al
--

[EMAIL PROTECTED]