From portal-commits at lists.jboss.org Mon Mar  5 08:40:33 2007
Content-Type: multipart/mixed; boundary="===============7180173238825567235=="
MIME-Version: 1.0
From: portal-commits at lists.jboss.org
To: portal-commits at lists.jboss.org
Subject: [portal-commits] JBoss Portal SVN: r6539 -
 docs/trunk/referenceGuide/en/modules.
Date: Mon, 05 Mar 2007 08:40:33 -0500
Message-ID: <E1HODQX-0007nn-L3@committer01.frg.pub.inap.atl.jboss.com>

--===============7180173238825567235==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Author: bdaw
Date: 2007-03-05 08:40:33 -0500 (Mon, 05 Mar 2007)
New Revision: 6539

Modified:
   docs/trunk/referenceGuide/en/modules/ldap.xml
Log:
anorther part of ldap chapter

Modified: docs/trunk/referenceGuide/en/modules/ldap.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- docs/trunk/referenceGuide/en/modules/ldap.xml	2007-03-05 13:22:46 UTC (=
rev 6538)
+++ docs/trunk/referenceGuide/en/modules/ldap.xml	2007-03-05 13:40:33 UTC (=
rev 6539)
@@ -153,33 +153,162 @@
       <title>LDAP Identity Modules</title>
       <para>TODO:</para>
       <sect2>
+         <title>Common settings</title>
+         <para>For all modules you can set two config options:
+            <itemizedlist>
+               <listitem>
+                  <emphasis role=3D"bold">jndiName</emphasis> - JNDI name =
under which this module will be registered
+               </listitem>
+               <listitem>
+                  <emphasis role=3D"bold">connectionJNDIName</emphasis> - =
JNDI name under which LDAP datasource is registered =

+               </listitem>
+            </itemizedlist>
+            <note>Most configuration of LDAP identity modules is done in <=
emphasis>options</emphasis> section by adding module specific options
+            in <emphasis>"common"</emphasis> option-group or in other modu=
le specific groups.</note>
+         </para>
+      </sect2>
+      <sect2>
          <title>UserModule</title>
          <sect3>
             <title>LDAPUserModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl option=
s:
+            <para>This is the base implementation of LDAP <emphasis>UserMo=
dule</emphasis>. It supports user creation, but will retreive users and cre=
ate them
+            in strictly specified place in LDAP tree.</para>
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <!--type used to correctly map in IdentityContext reg=
istry-->
+                     <type>User</type>
+                     <implementation>LDAP</implementation>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl config=
uration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> - =

+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">userCtxDN</emphasis> - =
DN that will be used as context for user searches
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">uidAttributeID</emphasi=
s> - attribute name under which user name is specified. Default value is "u=
id"
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">passwordAttributeID</em=
phasis> - attribute name under which user password is specified. Default va=
lue is "userPassword"
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">principalDNPrefix</emph=
asis> and <emphasis role=3D"bold">principalDNSuffix</emphasis>
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">searchTimeLimit</emphas=
is> - The timeout in milliseconds for the user searches. Defaults to 10000 =
(10 seconds).
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">userCreateAttibutes</emphasis=
>: This option-group defines a set of ldap attributes that will be set on u=
ser entry creation.
+                     Option name will be used as attribute name, and optio=
n values as attribute values. This enables to fulfill LDAP schema requireme=
nts.
                   </listitem>
                </itemizedlist>
+               Example configuration:
+               <programlisting>
+                  <![CDATA[
+      <option-group>
+         <group-name>common</group-name>
+         <option>
+            <name>userCtxDN</name>
+            <value>ou=3DPeople,o=3Dportal,dc=3Dmy-domain,dc=3Dcom</value>
+         </option>
+         <option>
+            <name>uidAttributeID</name>
+            <value>uid</value>
+         </option>
+         <option>
+            <name>passwordAttributeID</name>
+            <value>userPassword</value>
+         </option>
+      </option-group>
+      <option-group>
+         <group-name>userCreateAttibutes</group-name>
+         <option>
+            <name>objectClass</name>
+            <!--This objectclasses should work with Red Hat Directory-->
+            <value>top</value>
+            <value>person</value>
+            <value>inetOrgPerson</value>
+         </option>
+         <!--Schema requires those to have initial value-->
+         <option>
+            <name>cn</name>
+            <value>none</value>
+         </option>
+         <option>
+            <name>sn</name>
+            <value>none</value>
+         </option>
+      </option-group>
+                  ]]>
+               </programlisting>
+
             </para>
          </sect3>
          <sect3>
             <title>LDAPExtUserModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl opt=
ions:
+            <para>This module doesn't support user creation and removal</p=
ara>
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <!--type used to correctly map in IdentityContext reg=
istry-->
+                     <type>User</type>
+                     <implementation>LDAP</implementation>
+                     <class>org.jboss.portal.identity.ldap.LDAPExtUserModu=
leImpl</class>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl con=
figuration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">userCtxDN</emphasis> - =
DN that will be used as context for user searches
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">userSearchFilter</empha=
sis> - ldap filter to search users with. {0} will be substitute with user n=
ame. Example filter can look like this:
+                           "(uid=3D{0})". This substituion behavior comes =
from the standard <emphasis>DirContext.search(Name, String, Object, SearchC=
ontrols cons)</emphasis> method
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">uidAttributeID</emphasi=
s> - attribute name under which user name is specified. Default value is "u=
id"
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">searchTimeLimit</emphas=
is> - The timeout in milliseconds for the user searches. Defaults to 10000 =
(10 seconds).
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">searchScope</emphasis> =
- Sets the search scope to one of the strings. The default is SUBTREE_SCOPE.
+                           <itemizedlist>
+                              <listitem>
+                                 <emphasis role=3D"bold">OBJECT_SCOPE</emp=
hasis> - only search the named users context.
+                              </listitem>
+                              <listitem>
+                                 <emphasis role=3D"bold">ONELEVEL_SCOPE</e=
mphasis> - search directly under the named users context.
+                              </listitem>
+                              <listitem>
+                                 <emphasis role=3D"bold">SUBTREE_SCOPE</em=
phasis> - If the users context is not a <emphasis>DirContext</emphasis>, se=
arch only the object.
+                                 If the users context is a <emphasis>DirCo=
ntext</emphasis>, search the subtree rooted at the named object, including =
the named object itself.
+                              </listitem>
+                           </itemizedlist>
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
-                  <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
-                  </listitem>
                </itemizedlist>
+
             </para>
          </sect3>
       </sect2>
@@ -188,28 +317,94 @@
          <sect3>
             <title>LDAPRoleModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPRoleModuleImpl option=
s:
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <!--type used to correctly map in IdentityContext reg=
istry-->
+                     <type>Role</type>
+                     <implementation>LDAP</implementation>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPRoleModuleImpl config=
uration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">roleCtxDN</emphasis> - =
DN that will be used as context for role searches.
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">ridAttributeID</emphasi=
s> - attribute name under which role name is specified. Default value is "c=
n".
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">roleDisplayNameAttribut=
eID</emphasis> - attribute name under which role display name is specified.=
 Default value is "cn".
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">searchTimeLimit</emphas=
is> - The timeout in milliseconds for the roles searches. Defaults to 10000=
 (10 seconds).
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
-                  <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
-                  </listitem>
                </itemizedlist>
             </para>
          </sect3>
          <sect3>
             <title>LDAPExtRoleModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl opt=
ions:
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <!--type used to correctly map in IdentityContext reg=
istry-->
+                     <type>Role</type>
+                     <implementation>LDAP</implementation>
+                     <class>org.jboss.portal.identity.ldap.LDAPExtRoleModu=
leImpl</class>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl con=
figuration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">roleCtxDN</emphasis> - =
DN that will be used as context for role searches
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">roleSearchFilter</empha=
sis> - ldap filter to search roles with. {0} will be substitute with role n=
ame. Example filter can look like this:
+                           "(cn=3D{0})". This substituion behavior comes f=
rom the standard <emphasis>DirContext.search(Name, String, Object, SearchCo=
ntrols cons)</emphasis> method.
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">ridAttributeID</emphasi=
s> - attribute name under which role name is specified. Default value is "c=
n".
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">roleDisplayNameAttribut=
eID</emphasis> - attribute name under which role display name is specified.=
 Default value is "cn".
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">searchTimeLimit</emphas=
is> - The timeout in milliseconds for the roles searches. Defaults to 10000=
 (10 seconds).
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">searchScope</emphasis> =
- Sets the search scope to one of the strings. The default is SUBTREE_SCOPE.
+                           <itemizedlist>
+                              <listitem>
+                                 <emphasis role=3D"bold">OBJECT_SCOPE</emp=
hasis> - only search the named roles context.
+                              </listitem>
+                              <listitem>
+                                 <emphasis role=3D"bold">ONELEVEL_SCOPE</e=
mphasis> - search directly under the named roles context.
+                              </listitem>
+                              <listitem>
+                                 <emphasis role=3D"bold">SUBTREE_SCOPE</em=
phasis> - If the roles context is not a <emphasis>DirContext</emphasis>, se=
arch only the object.
+                                 If the roles context is a <emphasis>DirCo=
ntext</emphasis>, search the subtree rooted at the named object, including =
the named object itself.
+                              </listitem>
+                           </itemizedlist>
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
-                  <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
-                  </listitem>
                </itemizedlist>
             </para>
          </sect3>
@@ -217,30 +412,71 @@
       <sect2>
          <title>MembershipModule</title>
          <sect3>
-            <title>LDAPStaticRoleMembershipModuleImpl</title>
+            <title>LDAPStaticGroupMembershipModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipM=
oduleImpl options:
+            <para>This module support tree shape where role entries keep i=
nformation about users that are their members.</para>
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <!--type used to correctly map in IdentityContext reg=
istry-->
+                     <type>Membership</type>
+                     <implementation>LDAP</implementation>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPStaticGroupMembership=
ModuleImpl configuration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">membershipAttributeID</=
emphasis> - LDAP attribute that defines member users ids. This will be used=
 to retreived users from role
+                           entry.
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">membershipAttributeIsDN=
</emphasis> - defines if values of attribute defined in <emphasis>membershi=
pAttributeID</emphasis> are fully qualified
+                           LDAP DNs.
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
-                  <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
-                  </listitem>
                </itemizedlist>
             </para>
          </sect3>
          <sect3>
-            <title>LDAPStaticGroupMembershipModuleImpl</title>
+            <title>LDAPStaticRoleMembershipModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPStaticGroupMembership=
ModuleImpl options:
+            <para>This module support tree shape where user entries keep i=
nformation about roles that they belong to.</para>
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <!--type used to correctly map in IdentityContext reg=
istry-->
+                     <type>Membership</type>
+                     <implementation>LDAP</implementation>
+                     <class>org.jboss.portal.identity.ldap.LDAPStaticRoleM=
embershipModuleImpl</class>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipM=
oduleImpl configuration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">membershipAttributeID</=
emphasis> - LDAP attribute that defines role ids that user belongs to. This=
 will be used to retreived roles
+                           from user entry.
+                        </listitem>
+                        <listitem>
+                           <emphasis role=3D"bold">membershipAttributeIsDN=
</emphasis> - defines if values of attribute defined in <emphasis>membershi=
pAttributeID</emphasis> are fully qualified
+                           LDAP DNs.
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
-                  <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
-                  </listitem>
                </itemizedlist>
             </para>
          </sect3>
@@ -250,14 +486,49 @@
          <sect3>
             <title>LDAPUserProfileModuleImpl</title>
             <para>TODO:</para>
-            <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl option=
s:
+            <para>To enable it in your configuration you should have:
+               <programlisting>
+                  <![CDATA[
+                  <module>
+                     <type>UserProfile</type>
+                     <implementation>DELEGATING</implementation>
+                     <config>
+                        <option>
+                           <name>ldapModuleJNDIName</name>
+                           <value>java:/portal/LDAPUserProfileModule</valu=
e>
+                        </option>
+                     </config>
+                  </module>
+                  <module>
+                     <type>DBDelegateUserProfile</type>
+                     <implementation>DB</implementation>
+                     <config>
+                        <option>
+                           <name>randomSynchronizePassword</name>
+                           <value>true</value>
+                        </option>
+                     </config>
+                  </module>
+                  <module>
+                     <type>LDAPDelegateUserProfile</type>
+                     <implementation>LDAP</implementation>
+                     <config/>
+                  </module>
+                  ]]>
+               </programlisting>
+               <note>Using such configuration you will have LDAP Membershi=
pModule along with DB MembershipModule and Delegating MembershipModule</not=
e>
+            </para>
+            <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl config=
uration option-groups options:
                <itemizedlist>
                   <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
+                     <emphasis role=3D"bold">common</emphasis>:
+                     <itemizedlist>
+                        <listitem>
+                           <emphasis role=3D"bold">profileConfigFile</emph=
asis> - file with user profile configuration. If this option is not set, an=
d we use delegating UserProfileModule,
+                            profile configuration will be obtained from it.
+                        </listitem>
+                     </itemizedlist>
                   </listitem>
-                  <listitem>
-                     <emphasis role=3D"bold"></emphasis> -
-                  </listitem>
                </itemizedlist>
             </para>
          </sect3>
@@ -265,6 +536,7 @@
    </sect1>
    <sect1>
       <title>LDAP server tree shapes</title>
+      <para>TODO:</para>
    </sect1>
    <sect1>
       <title>Supported LDAP servers</title>


--===============7180173238825567235==--