|
List Info
Thread: Re: New development build available: look and feelimprovements
|
|
| Re: New development build available:
look and feelimprovements |
|
2007-04-13 10:55:02 |
|
Hi,
Took some time to take a closer look at the LDAP support.
Latest version in SVN contains first cut attempt to make config as simple as possible for end user. ; Following are the additional (optional) entries in
jtrac.properties JTrac will assume LDAP authentication if an "ldap.url" config entry is present.
ldap.url=ldap://myldaphost
ldap.searchBase=DC=foo,DC=bar,DC=org
if you are using Active Directory, you can add this line:
ldap.activeDirectoryDomain=MYDOMAIN
Unfortunately I have tested only on Active Directory, so would appreciate some help in testing for non-AD LDAP. ; Any suggestions on whether and how we can get the space allocation info from LDAP are welcome. If there are too many possible ways or this is confusing, maybe the best thing to do is to design an interface and expect users to implement this as per their specific LDAP requirement, add the compiled code to the classpath and specify the implementation in
jtrac.properties
Thanks,
Peter.
On 3/27/07,
Maksim Lin for technical support mailling lists < maksim_lin ngv.vic.gov.au" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">maksim_linngv.vic.gov.au> wrote:
Thanks very much for this Peter!
The LDAP login now works for me! Though I did have to make some small
changes (patch attached) as I actually use openLDAP rather then AD.
Note that I also added the following to the
applicationContext-acegi.xml
at line 40 as samAccountname is very AD specific too:
<property name=";searchKey" value="uid"/>
Of course my patch is very untidy - I'm thinking that the code should
probably be split into a big if-else to cater for the AD specific and
then the generic LDAP ways of doing things - or maybe split out into
seperate private methods?
Also as you can see from the debug info below, the searching code works
fine too, so hopefully this bodes well for integrating reading user
attributes (full name, email) from LDAP (if available) rather the from
jtracs DB ??
And perhaps if we could have another bean property like "userGroupDN"
(eg. value: cn=JtracUsers,ou=groups,o=ngv) then you could also implement
in the future the feature you mentioned previously, where you can add
users from a list fetched from LDAP where that list is populated with
members of an LDAP group. I'm guessing this could be done as just
another bit of code using a SearchControl ?
Thanks again,
Maks.
===============================
; [java] 2007-03-27 15:17:51,609 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider] - <attempting
authentication via LDAP>
; [java] 2007-03-27 15:17:51,619 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider] - <Active Directory
LDAP context initialized>
; [java] 2007-03-27 15:17:51,619 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider] - <mrfoo: LDAP bind
successful>
; [java] 2007-03-27 15:17:51,619 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider] - <attributes:
{mail=mail: mrfoongv.vic.gov.au" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mrfoongv.vic.gov.au, cn=cn: Mr Foo}>
[java] 2007-03-27 15:17:51,619 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider
] - <mail:
mrfoongv.vic.gov.au" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mrfoongv.vic.gov.au>
; [java] 2007-03-27 15:17:51,619 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider
] - <displayName: Mr
Foo>
[java] 2007-03-27 15:17:51,619 DEBUG
[info.jtrac.acegi.JtracLdapAuthenticationProvider] - <user details
retrieved from LDAP, now checking local database>
[java] 2007-03-27 15:17:51,619 DEBUG [info.jtrac.JtracImpl] -
<loadUserByUserName success for 'mrfoo'>
[java] 2007-03-27 15:17:51,619 WARN
[org.acegisecurity.event.authentication.LoggerListener] -
<Authentication event AuthenticationSuccessEvent: mrfoo; details: null>
> -----Original Message-----
> From: j-trac-users-bounceslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">j-trac-users-bounceslists.sourceforge.net
> [mailto: j-trac-users-bounceslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
j-trac-users-bounceslists.sourceforge.net
] On Behalf
>; Of Peter Thomas
>; Sent: Sunday, 25 March 2007 03:43
> To: JTrac users mailing-list
> Subject: [jtrac-users] New development build available: look
> and feelimprovements
>
> Hi,
>
> There is a new development build available. ;Most notable in
> this version are user interface improvements, colors have
> been tweaked and some icons have been added to the core
> screens to pretty them up. But - really hope things have not
> gotten cluttered in the process - so feel free to complain.
>
> There is support for Active Directory single-sign-on in this
> build. For this you would need to edit a file within the WAR
> (unzip first) as follows:
>
> - comment out XML line 29 in applicationContext-acegi.xml
>; - edit the values in lines 37 - 39 of the same file to suit
> your env (port no is optional if LDAP default)
> - start, login as admin and create a user ensuring the same
> windows login id as Login Name
>
> As always, details on how to get the latest build are | |