Copyright 2004 The Apache Software Foundation

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

LDAP user management
--------------------
This version of Jetspeed contains an LDAP-based user management service.
The module is experimental, and provided as is. It may lack features
present in other user management implementations. 

The module is tested using OpenLDAP slapd 2.0.25 Release having the 
following schemas included: 

 core.schema
 cosine.schema
 inetorgperson.schema
 nis.schema
 jetspeed.schema

All the other schemas are provided as a part of OpenLDAP, but 
"jetspeed.schema" is provided as a part of Jetspeed Portal platform.

You must put the followind entries to the "slapd.conf" configuration
file in order to make Jetspeed work with LDAP:

 database        ldbm
 suffix          "ou=jetspeed,o=apache"
 rootdn          "cn=ldapadmin,ou=jetspeed,o=apache"
 rootpw          secret

... and the following entry to "ldap.conf" configuration file:

 BASE ou=jetspeed,o=apache

Then copy the schema file "jetspeed.schema" to your LDAP server's
schema directory. 

Start slapd, and import the LDIF file "jetspeed.ldif" using your
favourite LDAP tool. Jetspeed's LDIF file contains the same user,
group, role and permission definitions than the database version.

On the portal side you can enable LDAP user management by merging
the properties found from "LDAP-JetspeedSecurity.properties" file
to the "JetspeedSecurity.properties" file. Change the 
"services.ldap.host" property to point to your LDAP server. 
Then you should have everything up and running.

Please note that currently the only supported crypting algorithm
for LDAP user management is Unix crypt. Unix crypt is commonly
used to encrypt data in LDAP directories, but the JCE (Java
Cryptographic Extensions) package does not support it (as far as
I know). Therefore, JCE cannot be used directly if UnixCrypt 
must be supported, so an extra cryptographic layer should be
introduced on top of these two to allow users to use both encryption
mechanisms. If someone has a good view of how this should be done,
please post a proposal on the jetspeed-devel mailing list.  

If you don't get Jetspeed to work with LDAP but you are sure that
your LDAP tree is properly built, you can contact Sami Leino 
(sami.leino@netorek.fi) and he will try to help you.

Change log: (since release 1.4b3, 2002/12/17)
---------------------------------------------

2003/01/29: Fixed bug 16511 (no-secure passwords not allowed with LDAP)
2003/01/20: Passes all unit-tests now.
2003/01/20: Performance improvements. Now fetches all users from LDAP with
            one JNDI lookup when retrieving all users with getUsers() method.
            Earlier version constructed every user with separate lookup.
2003/01/20: DirContexts are now properly closed. Should no longer leave
            LDAP connections open.
2003/01/20: Error handling fixed. Now propagates Exceptions from LDAP 
            operations to the application level.    
2003/01/20: Date format changed to "yyyyMMddmmHHss'Z'". Dates are now 
            stored using GMT timezone. 
2003/01/20: SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 in "jetspeed.schema" changed 
            to 1.3.6.1.4.1.1466.115.121.1.26 when using caseIgnoreIA5Match.  
2003/01/20: LDAP-safe uid generation mechanism introduced in
            "BaseLDAPObject.java". 
2003/01/20: Overall code cleanup performed (still a lot to do though).
            Extraneous imports removed. 
  
  