james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mario Zsilak (JIRA)" <server-...@james.apache.org>
Subject [jira] Commented: (JAMES-934) Read-Only LDAP repository
Date Fri, 22 Jan 2010 21:16:27 GMT

    [ https://issues.apache.org/jira/browse/JAMES-934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803874#action_12803874

Mario Zsilak commented on JAMES-934:


I need this kind of stuff in trunk as well :)
Thanks Obi and Norman!

> Read-Only LDAP repository
> -------------------------
>                 Key: JAMES-934
>                 URL: https://issues.apache.org/jira/browse/JAMES-934
>             Project: JAMES Server
>          Issue Type: New Feature
>          Components: UsersStore & UsersRepository
>    Affects Versions: 2.3.2
>         Environment: LDAP
>            Reporter: Obi Ezechukwu
>            Assignee: Norman Maurer
>         Attachments: RO-ldap-user-repository-src.zip
> My company recently adopted James 2.3.2 as a low cost mail-server. We were quite impressed
with its stability and versatility, however we did have one major problem. We wanted to authenticate
users against our existing LDAP store, thus maintaining consistency with other applications
in our technology landscape. Apart from the fact that the current LDAP support in James is
experimental, it does mandate that certain James specific groups are created in the LDAP server.
This did not go down very well with our system/security administrators.
>  We wanted a user-repository that would simply mirror the information in our LDAP repository
and not permit users to be added or changed via the James Admin console. We ended up building
this functionality ourselves on top of the 2.3.2 release. We would now like to contribute
our aptly named "ReadOnlyLDAPUserRepository" back to the James project.
> The source code is attached. For a summary of the features, please see bullet list below:

> a.) authentication against LDAP compliant server 
> b.) group/role based access restriction 
> c.) read-only feature, thus allowing organizations to manage James users through existing
security-admin tools. 
> e.) allows James to share authentication/authorization infrastructure/repository with
the rest of the applications in an IT landscape. Put differently, companies that have already
invested in a security infrastructure, can re-use it when adopting James as a mail server.
> Please find attached the fully commented source code required for this change. I am happy
to provide any additional documentation required for inclusion into the James wiki, or to
make any changes to the code required for James v3.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message