Author: jaredmorgs
Date: 2013-01-24 19:13:45 -0500 (Thu, 24 Jan 2013)
New Revision: 9075
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml
Log:
BZ#856453 - Incorporated all QE feedback from Tomas for LDAP. Ready for Verification.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-24 22:14:24
UTC (rev 9074)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 00:13:45
UTC (rev 9075)
@@ -7,7 +7,21 @@
<title>Revision History</title>
<simpara>
<revhistory>
- <revision>
+ <revision>
+ <revnumber>6.0.0-34</revnumber>
+ <date>Fri Jan 25 2013</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#856453 - Incorporated all QE feedback from Tomas for LDAP.
Ready for Verification.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-33</revnumber>
<date>Wed Jan 23 2013</date>
<author>
@@ -21,8 +35,7 @@
<member>Rebased changes for
https://docs.jboss.org/author/display/GTNPORTAL35/Working+with+WSRP+exten...
</simplelist>
</revdescription>
- </revision>
-
+ </revision>
<revision>
<revnumber>6.0.0-32</revnumber>
<date>Wed Jan 23 2013</date>
@@ -36,8 +49,8 @@
<member>BZ#886376 - Updated all Book_Info.xml files with consistent
subtitle. Rebuilt for review..</member>
</simplelist>
</revdescription>
- </revision>
- <revision>
+ </revision>
+ <revision>
<revnumber>6.0.0-31</revnumber>
<date>Tue Jan 22 2013</date>
<author>
@@ -49,7 +62,7 @@
<simplelist>
<member>Imported raw content for chapters for Password Encryption and
PicketLink IDM integration.</member>
<member>Rebased changes for
https://docs.jboss.org/author/display/GTNPORTAL35/PicketLink+IDM+integrat...
- <member>Rebased changes for
https://docs.jboss.org/author/display/GTNPORTAL35/Password+Encryption<...
+ <member>Rebased changes for
https://docs.jboss.org/author/display/GTNPORTAL35/Password+Encryption<...
</simplelist>
</revdescription>
</revision>
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml
===================================================================
---
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml 2013-01-24
22:14:24 UTC (rev 9074)
+++
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml 2013-01-25
00:13:45 UTC (rev 9075)
@@ -49,91 +49,6 @@
If you are using a third party directory server
(<application>OpenDS</application>,
<application>OpenLDAP</application> or <application>Microsoft Active
Directory</application>), refer to the appropriate documentation for that product.
</para>
<para>
- The following values provide an example of working
configuration settings for the different Directory Servers:
- </para>
- <table>
- <title/>
- <tgroup cols="8">
- <colspec colname="1"/>
- <colspec colname="2"/>
- <colspec colname="3"/>
- <colspec colname="4"/>
- <colspec colname="5"/>
- <colspec colname="6"/>
- <colspec colname="7"/>
- <colspec colname="8"/>
- <spanspec namest="2" nameend="8"
spanname="vspan"/>
- <thead>
- <row>
- <entry> Directory Server </entry>
- <entry spanname="vspan"> Value </entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry/>
- <entry>
- <emphasis role="bold">root user Distinguished Name
(DN)</emphasis>
- </entry>
- <entry>
- <emphasis role="bold">Password</emphasis>
- </entry>
- <entry>
- <emphasis role="bold">Port</emphasis>
- </entry>
- <entry>
- <emphasis role="bold">Admin Port</emphasis>
- </entry>
- <entry>
- <emphasis role="bold">Base DN</emphasis>
- </entry>
- <entry>
- <emphasis role="bold">Database
Population</emphasis>
- </entry>
- <entry>
- <emphasis role="bold">SSO/TLS</emphasis>
- </entry>
- </row>
- <row>
- <entry>
- <emphasis role="bold">RHDS and OpenDS</emphasis>
- </entry>
- <entry> cn=Directory Manager </entry>
- <entry> password </entry>
- <entry> 1389 </entry>
- <entry> 4444 </entry>
- <entry> dc=example,dc=com </entry>
- <entry> "Only create the base entry"
</entry>
- <entry> no SSO, no TLS </entry>
- </row>
- <row>
- <entry>
- <emphasis role="bold">MSAD</emphasis>
- </entry>
- <entry> CN=Users </entry>
- <entry/>
- <entry/>
- <entry/>
- <entry/>
- <entry/>
- <entry/>
- </row>
- <row>
- <entry>
- <emphasis role="bold">OpenLDAP</emphasis>
- </entry>
- <entry> cn=Manager,dc=example,dc=com </entry>
- <entry> secret </entry>
- <entry> 1389 </entry>
- <entry/>
- <entry> dc=example,dc=com </entry>
- <entry/>
- <entry/>
- </row>
- </tbody>
- </tgroup>
- </table>
- <para>
These, and other appropriate settings, should be adjusted
to suit your circumstances.
</para>
</step>
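Review bot: with the whole example-settings table removed, the retained closing sentence of the step, "These, and other appropriate settings, should be adjusted to suit your circumstances.", no longer has an antecedent for "These"; reword it to name what is meant (for example, the connection settings covered in the preceding paragraph) or drop it. Removing the table is a good call in itself, since it shipped sample root-user credentials ("cn=Directory Manager" / "password", "cn=Manager,dc=example,dc=com" / "secret") that a reader could carry into a live deployment verbatim, but the surviving text should then say explicitly that the directory root DN and its password must be set per deployment rather than leaving that implicit.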
@@ -150,8 +65,9 @@
</procedure>
<section
id="sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration-LDAP_in_Read-only_Mode">
<title>LDAP in Read-only Mode</title>
- <para>
- This section will show you how to add LDAP in read-only mode. This means
that user data entries (both pre-existing, and newly added through the JBoss Portal
Platform User Interface) will be consumed though the Directory Server and LDAP services,
but written to the underlying database. The only exception is that passwords updated
through the user interface will also be propagated into the appropriate LDAP entry.
+ <para>If LDAP is configured to operate in read-write mode, changes to user and
group information made in the portal platform is written back to the directory server.
</para>
+ <para>If LDAP is operating in read-only mode. existing user and group
information is consumed from the directory server, and all new user data entries created
using the Portal User Interface are stored in the portal database. </para>
+ <para>The only exception is that passwords updated through the user interface
will also be propagated into the appropriate LDAP entry.
</para>
<procedure id="proc-LDAP-LDAP_read-only_Mode">
<title>Set up LDAP read-only Mode</title>
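Review bot: two grammar problems in the added paragraphs: "If LDAP is operating in read-only mode. existing user and group information" has a full stop where a comma belongs, and "changes to user and group information made in the portal platform is written back" should read "are written back". The three new sentences describe one contrast (read-write versus read-only, plus the password exception) and read better as a single paragraph; the stray space before the closing `</para>` of the read-only paragraph should also go.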
@@ -358,7 +274,7 @@
<section
id="sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration-LDAP_as_Default_Store">
<title>LDAP as Default Store</title>
<para>
- Follow the procedure below to set LDAP up as the default identity store
for JBoss Portal Platform. All default accounts and some of groups that comes with JBoss
Portal Platform will be created in the LDAP store.
+ Follow the procedure below to set LDAP up as the default identity store
for JBoss Portal Platform. All default accounts and some of groups that come with JBoss
Portal Platform will be created in the LDAP store.
</para>
<para>
The LDAP server will be configured to store part of the JBoss Portal
Platform group tree. This means that groups under specified part of the tree will be
stored in directory server while all others will be stored in database.
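Review bot: the "comes" to "come" fix is correct, but "some of groups that come with JBoss Portal Platform" still needs an article: "some of the groups that come with JBoss Portal Platform". The unchanged paragraph that follows has the same pattern ("under specified part of the tree" should be "under the specified part of the tree", and "stored in directory server" should be "stored in the directory server"), so it is worth fixing in the same pass.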
@@ -582,10 +498,10 @@
<term>providerURL</term>
<listitem>
<para>
- The LDAP server connection URL. Formatted as
"LDAP://localhost:<replaceable><PORT></replaceable>".
The default setting is: <emphasis>LDAP://localhost:1389</emphasis>.
+ The LDAP server connection URL. Formatted as
"ldap://<replaceable><HOST></replaceable>:<replaceable><PORT></replaceable>".
The default setting is: <emphasis>ldap://localhost:1389</emphasis>.
</para>
<para>
- <emphasis
role="bold">MSAD</emphasis>: Should use SSL connection
(LDAPs://xxx:636) for password update or creation to work.
+ <emphasis
role="bold">MSAD</emphasis>: Should use SSL connection
(ldaps://<replaceable><HOST></replaceable>:636) for password
update or creation to work.
</para>
</listitem>
</varlistentry>
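Review bot: the placeholders `<replaceable><HOST></replaceable>` and `<replaceable><PORT></replaceable>` appear here with literal angle brackets; in DocBook XML those must be written as `&lt;HOST&gt;` and `&lt;PORT&gt;` or the file will not parse (ignore if the entities are present in the file and only rendered here). Separately, the MSAD paragraph states that password update or creation only works over SSL, so "Should use SSL connection" understates it; phrase it as a requirement, e.g. "must use an SSL connection (ldaps://<HOST>:636)", so readers do not treat it as optional.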
@@ -655,7 +571,7 @@
Comment #2: An additional option defines that nothing
else (except password updates) should be written there.
</para>
<para>
- All groups under <emphasis
role="bold">/acme/roles</emphasis> will be stored in PicketLink IDM
with the <emphasis role="bold">acme_roles_type</emphasis> group type
name and groups under <emphasis
role="bold">/acme/organization_units</emphasis> will be stored in
PicketLink IDM with <emphasis role="bold">acme_ou_type
group</emphasis> type name.
+ All groups under <emphasis
role="bold">/acme/roles</emphasis> will be stored in PicketLink IDM
with the <emphasis role="bold">acme_roles_type</emphasis> group type
name and groups under <emphasis
role="bold">/acme/organization_units</emphasis> will be stored in
PicketLink IDM with <emphasis role="bold">acme_ou_type</emphasis>
group type name.
</para>
<para>
For MSAD, the
<parameter>identity-object-types</parameter> values in
<filename>picketlink-idm-msad-readonly-config.xml</filename> change to: