Copyright 2004 The Apache Software Foundation

Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy
of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.

LDAP user management
--------------------

This version of Jetspeed contains an LDAP-based user management service.
The module is experimental and provided as is; it may lack features present
in the other user management implementations.

The module is tested using OpenLDAP slapd 2.0.25 Release with the following
schemas included:

    core.schema
    cosine.schema
    inetorgperson.schema
    nis.schema
    jetspeed.schema

All the other schemas ship as part of OpenLDAP; "jetspeed.schema" is
provided as part of the Jetspeed Portal platform.

You must put the following entries into the "slapd.conf" configuration file
in order to make Jetspeed work with LDAP:

    database ldbm
    suffix   "ou=jetspeed,o=apache"
    rootdn   "cn=ldapadmin,ou=jetspeed,o=apache"
    rootpw   secret
    ...

optionally adding the following index definitions

    index default pres,eq
    index uid
    ...

and the following entry to the "ldap.conf" configuration file:

    BASE ou=jetspeed,o=apache

Two caveats on the slapd.conf fragment: "rootpw secret" is a sample value
only; on a real server give rootpw a hashed value generated with slappasswd
and keep slapd.conf unreadable to anyone but the slapd user, since the rootdn
bypasses all access controls on the suffix. Also, the "ldbm" backend used
here was dropped from later OpenLDAP releases, so on a newer server you will
have to substitute the backend that release provides.

Then copy the schema file "jetspeed.schema" to your LDAP server's schema
directory. Start slapd, and import the LDIF file "jetspeed.ldif" using your
favourite LDAP tool. Jetspeed's LDIF file contains the same user, group, role
and permission definitions as the database version.

On the portal side you can enable LDAP user management by merging the
properties found in the "LDAP-JetspeedSecurity.properties" file into the
"JetspeedSecurity.properties" file.
Change the "services.ldap.host" property to point to your LDAP server. Then
you should have everything up and running.

Please note that currently the only password hashing algorithm supported by
the LDAP user management is Unix crypt. Unix crypt is commonly used to hash
passwords stored in LDAP directories (the "{CRYPT}" userPassword scheme), but
the JCE (Java Cryptography Extension) package does not provide it (as far as
I know). Therefore JCE cannot be used directly where Unix crypt must be
supported, and an extra layer would have to be introduced on top of the two
so that users can choose either mechanism. If someone has a good view of how
this should be done, please post a proposal on the jetspeed-devel mailing
list.

If you cannot get Jetspeed to work with LDAP but you are sure that your LDAP
tree is properly built, you can contact Sami Leino (sami.leino@netorek.fi)
and he will try to help you.

Change log: (since release 1.4b3, 2002/12/17)
---------------------------------------------

2003/01/29: Fixed bug 16511 (non-secure passwords not allowed with LDAP)
2003/01/20: Passes all unit tests now.
2003/01/20: Performance improvements. Now fetches all users from LDAP with
            one JNDI lookup when retrieving all users with the getUsers()
            method. The earlier version constructed every user with a
            separate lookup.
2003/01/20: DirContexts are now properly closed. Should no longer leave LDAP
            connections open.
2003/01/20: Error handling fixed. Now propagates Exceptions from LDAP
            operations to the application level.
2003/01/20: Date format changed to "yyyyMMddmmHHss'Z'". Dates are now stored
            using the GMT timezone.
2003/01/20: SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 in "jetspeed.schema" changed
            to 1.3.6.1.4.1.1466.115.121.1.26 when using caseIgnoreIA5Match.
2003/01/20: LDAP-safe uid generation mechanism introduced in
            "BaseLDAPObject.java".
2003/01/20: Overall code cleanup performed (still a lot to do though).
            Extraneous imports removed.
2006/05/15: Correcting NPE conditions in LDAPUser.
            Added the required JetspeedSecurity service property values for
            the provided sample LDAP (especially for secure.passwords=true)
            to LDAP-JetspeedSecurity.properties (to merge).
            Mentioned the (optional) OpenLDAP index definitions in ldap-notes
            (this file).
            Tested with OpenLDAP slapd 2.3.20.
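The notes above point out that Jetspeed's LDAP module only understands Unix crypt, that JCE does not provide crypt, and that an extra layer would be needed for a directory to hold both kinds of value. The following is an added illustration of what such a layer looks like, written in Python rather than Jetspeed's Java and not taken from the Jetspeed code base: it dispatches on the RFC 2307 "{SCHEME}" prefix of a userPassword value, routes "{CRYPT}" to the platform crypt(3) and "{SHA}"/"{SSHA}" to a general-purpose digest library (the role JCE would play in Java), and treats an unprefixed value as cleartext, which appears to be the "non-secure passwords" case the change log mentions. The function names (hash_password, verify_password, crypt_available) and the sample passwords are this example's own; the digest schemes are shown because that is what directory tools emit, not as a recommendation of SHA-1.

```python
"""Scheme-dispatching verifier for LDAP userPassword values (illustrative)."""
import base64
import hashlib
import hmac
import os

try:
    import crypt  # Unix crypt(3) wrapper; deprecated in 3.11, removed in 3.13
except ImportError:
    crypt = None


def crypt_available() -> bool:
    """True when {CRYPT} values can be handled on this platform."""
    return crypt is not None


def _split_scheme(stored: str):
    """Split an RFC 2307 value into (SCHEME, payload); no prefix means cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, value = stored[1:].partition("}")
        return scheme.upper(), value
    return "", stored


def hash_password(password: str, scheme: str, salt=None) -> str:
    """Produce a userPassword value: CLEARTEXT, SHA, SSHA (bytes salt) or CRYPT."""
    scheme = scheme.upper()
    pw = password.encode("utf-8")
    if scheme == "CLEARTEXT":
        return password
    if scheme == "SHA":
        return "{SHA}" + base64.b64encode(hashlib.sha1(pw).digest()).decode("ascii")
    if scheme == "SSHA":
        salt = salt if salt is not None else os.urandom(8)
        digest = hashlib.sha1(pw + salt).digest()
        # SSHA stores digest followed by salt, base64-encoded together.
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    if scheme == "CRYPT":
        if not crypt_available():
            raise NotImplementedError("crypt(3) is not available here")
        salt = salt if salt is not None else crypt.mksalt()
        result = crypt.crypt(password, salt)
        if result is None:  # libc rejected the salt/method
            raise NotImplementedError("crypt(3) does not support this salt")
        return "{CRYPT}" + result
    raise ValueError(f"unsupported scheme {scheme!r}")


def verify_password(stored: str, candidate: str) -> bool:
    """Check a cleartext candidate against a stored value, dispatching on scheme."""
    scheme, value = _split_scheme(stored)
    pw = candidate.encode("utf-8")
    if scheme == "":
        # Cleartext in the directory: constant-time compare, nothing to hash.
        return hmac.compare_digest(value.encode("utf-8"), pw)
    if scheme == "SHA":
        return hmac.compare_digest(base64.b64decode(value), hashlib.sha1(pw).digest())
    if scheme == "SSHA":
        raw = base64.b64decode(value)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    if scheme == "CRYPT":
        if not crypt_available():
            raise NotImplementedError("crypt(3) is not available here")
        # crypt(3) recovers the salt (and method) from the stored value itself.
        computed = crypt.crypt(candidate, value)
        if computed is None:
            raise NotImplementedError("crypt(3) does not support this value")
        return hmac.compare_digest(computed.encode("ascii"), value.encode("ascii"))
    raise ValueError(f"unsupported scheme {scheme!r}")


if __name__ == "__main__":
    for scheme in ("CLEARTEXT", "SHA", "SSHA") + (("CRYPT",) if crypt_available() else ()):
        stored = hash_password("secret", scheme)  # constructed sample password
        print(scheme, stored, verify_password(stored, "secret"), verify_password(stored, "wrong"))
```

The verifier never learns which scheme a caller expected, so a directory can be migrated one entry at a time: existing "{CRYPT}" users keep working while new entries are written with whichever scheme the portal's password policy selects. The comparisons go through hmac.compare_digest so that a mismatch does not leak how many leading bytes matched.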