||This page (and all pages in the Tech: namespace) is a developer discussion about a feature that is either proposed for inclusion in JAMWiki or one that has already been implemented. This page is NOT documentation of JAMWiki functionality - for a list of documentation, see Category:JAMWiki.
|Status of this feature
: IMPLEMENTED. Improved Spring Security integration, including LDAP, was included as part of the JAMWiki 0.7.0
Allow LDAP to be used for user validation. This should be implemented as an option for sitese that have an LDAP database, but standard JAMWiki database validation (using the jam_user_info table) should still be allowed for sites without LDAP.
Implemented on the trunk branch, to be included in JAMWiki 0.5.0. Testing needed. The final implementation was done by creating a UserHandler interface. It is now possible for anyone to implement their own validation mechanism by creating a class which implements this interface.
We're running JAMWiki in Windows domain environment on Tomcat and would love to be able to manage users/groups with our existing LDAP/Active Directory. I understand there was some interest in this a while back and that there is existing code that may be well on the way to making this work. We'd also be happy to help test this feature if necessary. Thanks!
- Once JAMWiki 0.4.3 is out (either tonight or tomorrow) then work will begin on JAMWiki 0.5.0, so if you're interested I can definitely re-enable the LDAP code during that development cycle and we can try to get something working. I have absolutely zero LDAP experience and no LDAP database to use for testing, so I would be dependent on you for testing, bug reports, and (if you're willing) code to fix issues.
- Provided the above sounds reasonable, I can re-enable the existing code (which provides the ability to set LDAP settings and access an LDAP database) and then modify the JAMWiki user code to use LDAP if it is configured. Beyond that I'd need help from you to determine if the old code actually works when retrieving LDAP values, and if my changes actually work when initializing user objects. Let me know if you'll have the time for this, and if so I'll try to get some beta code available by Monday. -- Ryan 09-Nov-2006 13:42 PST
- ...as an aside, did the upgrade fixes in JAMWiki 0.4.2 solve your upgrading problem? I did fairly extensive upgrade tests, so hopefully the issue was resolved. -- Ryan 09-Nov-2006 13:44 PST
- LDAP support is proving to be more complex than I anticipated - the existing JAMWiki LDAP code wasn't really useful, and several other features that have been added to JAMWiki make re-enabling LDAP more difficult. I expect it will take another day or two (at least) before anything is ready. Good news is that there are several public LDAP servers that can be used for testing, and OpenLDAP isn't too scary to install, so hopefully JAMWiki LDAP will be more-or-less working once the code is ready. -- Ryan 12-Nov-2006 23:46 PST
Update: I've got most of the LDAP code in place and have installed and configured OpenLDAP on my laptop; I'll begin doing some testing tomorrow to see if the LDAP code actually works. Once that's done I need to modify the existing code to prevent users from updating user information when using LDAP, or else add code to update values in LDAP. With any luck the first beta will be ready soon. -- Ryan 15-Nov-2006 00:48 PST
- Update #2: Login and registration seem to be mostly working with LDAP on my local machine, but in the process I've made a mess of the registration code and created a bug in the database user-handler code that needs to be fixed. I was hoping to get the first beta out tonight, but at a minimum the database user-handler bug needs to be fixed, and preferably I'd like to do a bit of cleanup. Hopefully it will be ready tomorrow - sorry for the delays. -- Ryan 16-Nov-2006 03:18 PST
- Update #3: I just pushed the latest code onto jamwiki.org. I'm hoping that there aren't any serious bugs remaining, and barring surprises I'll put the first beta out later tonight. There's still work to do on validating LDAP settings, cleaning up the code, etc, but the code is close enough that it's worth soliciting feedback at this point. -- Ryan 16-Nov-2006 14:01 PST
Acegi comments moved to Tech:Acegi integration