Re: [higgins-dev] Making progress on higgins.eclipse.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [higgins-dev] Making progress on higgins.eclipse.org

From: Michael McIntosh <mikemci@xxxxxxxxxx>
Date: Mon, 8 Jan 2007 14:44:53 -0500
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>

higgins-dev-bounces@xxxxxxxxxxx wrote on 01/08/2007 01:48:55 PM:

> Mike,
> 
> The LDAP CP does not require any particular set of schema to be 
> present.  Applications may, but the CP itself does not.  The 

I guess I am confused. If no specific schema is required, how does the CP 
decide which attributeValue from LDAP should be used when it is asked for 
one of the Claim URIs?

> required CP configuration isn't too bad, I'll include the config we 
> used on the WAG server for the IIW demo here:
> 
> <bci:realms 
> xmlns:bci="http://www.bandit-project.org/commonidentity"; 
> xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
>         <bci:realm 
>         connectorType="org.bandit.ia.connectors.
> LDAPConnectorInitialCtxFactory" 
>         desc="Corporate LDAP Directory"
>         id="Corporate-LDAP-Server">
>                 <bci:connection xsi:type="bci:LDAPConnector">
>                         <bci:address>ldap://localhost:389</bci:address>
>                         <bci:dsnameprefix>cn=</bci:dsnameprefix>
>                         <bci:dsnamepostfix>,ou=people,dc=wag,
> dc=bandit-project,dc=org</bci:dsnamepostfix>
>                 </bci:connection>
>                 <bci:env prop="java.naming.security.authentication" 
> value="simple" />
>                 <bci:env prop="java.naming.ldap.attributes.binary" 
> value="GUID" />
>         </bci:realm>
> </bci:realms>
> 
> Note that the name prefix configuration is what allowed us to pass 
> simple names thru IdAS to the LDAP CP like "tdoman".  This will go 
> away when we finish our mapping CP implementation.

Can you say more about allowed values for 
java.naming.security.authentication and 
java.naming.ldap.attributes.binary?
 
> As for the LDAP store itself and what data is there, what would you 
> like to do?  Here are a few choices:
> 1. Point your LDAP CP configuration at the LDAP directory running on
> ldap://wag.bandit-project.org or ldaps://wag.bandit-project.org.
> 2. Use the Novell created LDAP utility we've used to unit test our 
> LDAP CP while it was developed in the bandit project.  It's backed 
> by an XML file with it's own format.
> 3. Install, configure, and populate an LDAP server\store of your own.

I am leaning towards #3 since I'd like the install to be as self contained 
as possible (and the Eclipse Firewall rules are brutal).
I tried #2, but it seems to require X Windows on Linux and that machine 
does not have it installed.
 
> Thanks,
> Tom
> 
> >>> Michael McIntosh <mikemci@xxxxxxxxxx> 1/7/2007 9:22 AM >>>
> Tom,
> 
> I am not very directory server savvy - can you send me whatever schema 
> files and other configuration details I'd need to have a directory work 
> with your LDAP CP?
> 
> Thanks,
> Mike
> 
> higgins-dev-bounces@xxxxxxxxxxx wrote on 01/02/2007 01:19:08 PM:
> 
> > Mike,
> > 
> > You shouldn't need anything more than what we've already setup on 
> > the demo machines with the exception of an LDAP server of your 
> > choice.  The LDAP CP configuration file would only need to be 
> > modified to point at that source.  Of course, it'd be up to you to 
> > make sure that the data you want is loaded there as well.  Anyway, 
> > what else do you need help with?
> > 
> > Tom
> > 
> > >>> Michael McIntosh <mikemci@xxxxxxxxxx> 12/21/06 1:32 PM >>>
> > Thanks to Valery, I've made some progress on configuring 
> > higgins.eclipse.org.
> > I need to get the LDAP CP configured on this machine.
> > Can someone from Novell help me to understand what needs to be 
installed 
> 
> > and configured on this machine?
> > 
> > thanks,
> > Mike
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx 
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev 
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx 
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev 
> 
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx 
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev

Follow-Ups:
- Re: [higgins-dev] Making progress on higgins.eclipse.org
  - From: Tom Doman

References:
- Re: [higgins-dev] Making progress on higgins.eclipse.org
  - From: Tom Doman

Prev by Date: Re: [higgins-dev] Making progress on higgins.eclipse.org
Next by Date: Re: [higgins-dev] Using self-issued card as AuthN method for managed card
Previous by thread: Re: [higgins-dev] Making progress on higgins.eclipse.org
Next by thread: Re: [higgins-dev] Making progress on higgins.eclipse.org
Index(es):
- Date
- Thread

Breadcrumbs