<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 2.0.0 from src/site/xdoc/howto/ldap-howto.xml at 10 Sep 2025
| Rendered using Apache Maven Fluido Skin 2.1.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="generator" content="Apache Maven Doxia Site Renderer 2.0.0" />
<title>LDAP Howto – Apache Turbine</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-2.1.0.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script src="../js/apache-maven-fluido-2.1.0.min.js"></script>
<link rel="icon" type="image/png" sizes="48x48" href="https://apache.org/favicons/favicon.ico">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<style>.github-fork-ribbon:before { background-color: orange; }</style>
</head>
<body>
<div class="container-fluid container-fluid-top">
<header>
<div id="banner">
<div class="pull-left"><div id="bannerLeft"><h1><a href="https://turbine.apache.org/"><img src="https://www.apache.org/img/feather_glyph_notm.png" style="width: 50px;" /> The Apache Turbine project</a></h1></div></div>
<div class="pull-right"><div id="bannerRight"><h1><a href="https://turbine.apache.org/"><img src="https://turbine.apache.org/images/logo.gif" alt="Apache Turbine" /></a></h1></div></div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li id="publishDate">Last Published: 01 Apr 2025<span class="divider">|</span>
</li>
<li id="projectVersion">Version: 7.1-SNAPSHOT</li>
<li class="pull-right"><span class="divider">|</span>
<a href="https://turbine.apache.org/fulcrum/">Fulcrum</a></li>
<li class="pull-right"><span class="divider">|</span>
<a href="https://turbine.apache.org/">Turbine</a></li>
<li class="pull-right"><a href="https://www.apache.org">Apache</a></li>
</ul>
</div>
</header>
<div class="row-fluid">
<main id="bodyColumn" class="span10">
<section><a id="LDAP_Details"></a>
<h1>LDAP Details</h1>
<p>
These are the details of how we arrived at this schema for
putting the user-group-permission tables in an LDAP directory. Note first
that all new objectClasses and attributes in the proposed schema are
prefixed with turbine to indicate that they are Turbine specific. We
considered using the standard, available LDAP objectClasses and
attributes, but finally decided to start the discussion with the
Turbine-specific ones.
</p>
<p>
We also had to make some assumptions regarding the present use of the
user-group-permission tables. This gave us the following schema:
</p>
</section>
<section><a id="Schema"></a>
<h1>Schema</h1>
<pre class="prettyprint"><code>
-- Attribute types --
( 1000.1.1
NAME 'turbineGroupMember'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
( 1000.1.2
NAME 'turbineObjectData'
DESC ''
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
)
( 1000.1.3
NAME 'turbinePermission'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
( 1000.1.4
NAME 'turbineRoleMember'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
( 1000.1.5
NAME 'turbineUserCreationDate'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
SINGLE-VALUE
)
( 1000.1.6
NAME 'turbineUserFirstName'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
( 1000.1.7
NAME 'turbineUserLastLogon'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
SINGLE-VALUE
)
( 1000.1.8
NAME 'turbineUserLastModifiedTime'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
SINGLE-VALUE
)
( 1000.1.9
NAME 'turbineUserLastName'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
( 1000.1.10
NAME 'turbineUserMailAddress'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
( 1000.1.11
NAME 'turbineUserPassword'
DESC ''
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
( 1000.1.12
NAME 'turbineUserUniqueId'
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
-- Object classes --
( 1000.2.1
NAME 'turbineGroup'
DESC 'Turbine group'
SUP top
AUXILIARY
MAY ( turbineGroupMember $ turbineObjectData )
)
( 1000.2.2
NAME 'turbineRole'
DESC 'Turbine role'
SUP top
AUXILIARY
MAY ( turbineObjectData $ turbinePermission $ turbineRoleMember )
)
( 1000.2.3
NAME 'turbineUser'
DESC 'Turbine user'
SUP top
AUXILIARY
MUST ( turbineUserUniqueId )
MAY ( turbineObjectData $ turbineUserCreationDate $ turbineUserFirstName $
turbineUserLastLogon $ turbineUserLastModifiedTime $ turbineUserLastName $
turbineUserMailAddress $ turbineUserPassword )
)
</code></pre>
</section>
<section><a id="More_Details"></a>
<h1>More Details</h1>
<p>
A turbineRole can have many turbinePermission entries; these are DNs
pointing to the turbinePermission objects. turbineUser holds all
user-related information. A turbineGroup can hold the DNs of turbineUser
objects in turbineGroupMember, so multiple users can be members of a
group. There is, however, no relation with roles at this stage. The
role - user relation is stored in the turbineRole, which has multiple DNs
in turbineRoleMember. This gives us a user - role relation, so users get
permissions via the roles they can perform. There is no relation between
role - user - group in one record. This could be possible with the DB
model, but we could you put this dependency in the hierarchical structure
of a directory. With the separate user - role and user - group relations
we thought we'd have the most desired relations.
</p>
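<p>
The relations described above, as an added Python example that is not
Turbine's own code: it resolves a user's roles, groups and effective
permissions from entries shaped like this schema, and lists member DNs that
point at no turbineUser entry. The entry DNs, the dc=example,dc=org suffix
and the function names are assumptions; DN comparison is simplified to the
case-insensitive matching the schema declares.
</p>

```python
# Constructed sample entries (DN to attributes). The DNs and the
# dc=example,dc=org suffix are assumptions, not values from the page.
U = ",ou=users,dc=example,dc=org"
P = ",ou=permissions,dc=example,dc=org"
DIRECTORY = {
    "uid=alice" + U: {"objectClass": ["turbineUser"], "turbineUserUniqueId": ["1001"]},
    "uid=bob" + U: {"objectClass": ["turbineUser"], "turbineUserUniqueId": ["1002"]},
    "cn=editor,ou=roles,dc=example,dc=org": {
        "objectClass": ["turbineRole"],
        "turbineRoleMember": ["UID=Alice, ou=users, dc=example, dc=org"],
        "turbinePermission": ["cn=edit" + P, "cn=view" + P]},
    "cn=auditor,ou=roles,dc=example,dc=org": {
        "objectClass": ["turbineRole"],
        "turbineRoleMember": ["uid=bob" + U, "uid=carol" + U],  # carol has no entry
        "turbinePermission": ["cn=view" + P]},
    "cn=staff,ou=groups,dc=example,dc=org": {
        "objectClass": ["turbineGroup"],
        "turbineGroupMember": ["uid=alice" + U, "uid=bob" + U]},
}

def norm_dn(dn):
    """Simplified DN normalisation (lower-case, trim each RDN part);
    it ignores escaped commas, which full RFC 4514 parsing must handle."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def holders(object_class, member_attr, user_dn):
    """DNs of entries of object_class whose member_attr lists user_dn."""
    want = norm_dn(user_dn)
    return sorted(dn for dn, e in DIRECTORY.items()
                  if object_class in e["objectClass"]
                  and want in map(norm_dn, e.get(member_attr, [])))

def permissions_of(user_dn):
    """Union of turbinePermission DNs over every role the user is in."""
    return sorted({norm_dn(p)
                   for role in holders("turbineRole", "turbineRoleMember", user_dn)
                   for p in DIRECTORY[role].get("turbinePermission", [])})

def dangling_members():
    """(holder DN, member DN) pairs whose member matches no turbineUser."""
    users = {norm_dn(dn) for dn, e in DIRECTORY.items()
             if "turbineUser" in e["objectClass"]}
    return sorted({(dn, m) for dn, e in DIRECTORY.items()
                   for attr in ("turbineRoleMember", "turbineGroupMember")
                   for m in e.get(attr, []) if norm_dn(m) not in users})
```

<p>
A member DN with no matching entry still resolves to the role's
permissions, so the output of dangling_members() is worth reviewing whenever
user entries are deleted or renamed.
</p>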
<p>
Please note that the Object Identifiers (OIDs) in this example are not
real ones. When we go for the turbine objectClasses and attributes,
Turbine (or Apache) has to register (if they have not already) their
own OID starting point in the IANA tree. We are fully open to discussion
and appreciate your feedback on the mailing list.
</p>
</section>
</main>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p>© 2000–2025
<a href="https://www.apache.org/">The Apache Software Foundation</a>
</p>
</div>
</div>
</footer>
</body>
</html>