Comments (10)
The webui uses openldap to store its users (so it doesn't just need a client).
It's available in EPEL for RHEL9
https://docs.fedoraproject.org/en-US/epel/#_el9
from amlen.
But why does it have to be openldap? Couldn't it store it's users in ANY LDAP? It just seems a really weird thing to hardwire into an installation, especially when there's a page in the UI for configuring LDAP - what is that actually used for?
from amlen.
The WebUI has a local database of users allowed to login to the webui. It has to be something specific as the means of configuring, starting, stopping an ldap instance is obviously different between different servers.
There is a page in the WebUI for configuring the LDAP connection of the server - the server is just an LDAP client, the WebUI uses a local LDAP server.
from amlen.
Wow - for me that would be even more reason to not hard code the LDAP server. Most organisations will have an existing directory server they would want to use across their IT team - many would want to use some form of SSO as well.
This is being deployed into Liberty, which offers all these things and does it so well! My suggestion would be to do what pretty much every other app I've seen in Liberty does, and that is deploy in Liberty with the default Basic User Registry, and then let the end user configure Liberty for other directory systems, SSO, etc.
The Basic User Registry would let you set up the initial admin/admin user, and would then remove the need for any LDAP components in the web UI installation.
Have a look at IBM Engineering Lifecycle Management tools on jazz.net - this is a perfect example of what I am talking about. IBM's Maximo is another example
from amlen.
Yes, having the WebUI optionally use an external LDAP would be a nice feature. I'm not aware of any person or organisation who is currently working on that (or planning to work on that).
from amlen.
If I worked on this to remove all explicit LDAP dependencies and go with the default Basic User Registry as the out of the box option would this be of interest? Then the documentation could refer to the Liberty online help for people who want to configure a directory.
Then you could optionally provide a separate package to install and set up openldap using the scripts in this distro, including a prepopulated XML registry file that would connect Liberty
from amlen.
By default it should do what it does today. The user should not have to know anything about LDAP to run the WebUI on their laptop.
If you wanted to add a way of optionally configuring it to use an external LDAP provider instead that would be welcome as long as it doesn't change default behaviour and break the existing users.
from amlen.
Well, that's really just an XML file, and anybody who knows enough about Liberty will be able to do that themselves so not really worth doing. They'll just have to go through the install first to extract the good bits ;-)
From what I can see, the Web UI is a nicely contained JSP app in a war - you remove all the encumbrances around it and it'll just run anywhere Liberty does. Windows, Linux, any sort of containers - even a Pi. The way it is right now it's the installer wrapped tightly around it that makes it non-transportable, and yet that was one of the things I heard the project calling out for help with in the talks and slides I've looked at.
As I mentioned, I was a big user of the WIoTP and was looking for an alternative - I had hoped the Web UI also included the device management UI that is in IBM Cloud, so either way I'm up for a bunch of web development before I get to the same functionality. It may end up I use the server component (which is one of the best around) and build my own UI completely.
If you ever decide to move down a simplification path and to strip the WebUI installer back to something like I've mentioned - I'll always be very keen to help
from amlen.
By default it should do what it does today. The user should not have to know anything about LDAP to run the WebUI on their laptop.
And of course, the best way to have the user "not have to know anything about LDAP" would be to not use it at all by default :-). Just use the Basic User Registry instead
from amlen.
There are lots of existing users. Any switch away from openldap would need well-tested automatic migration. If you would like to work on that or on an extra, differently packaged version of the WebUI, either would be welcomed if sufficiently unlikely to break the current user base :)
from amlen.
Related Issues (20)
- Finish the 'Guide to Amlen' blog series
- Java 17 breaks the WebUI
- Change default user that Amlen runs as.
- Idea to overcome cluster problem with ip's in kubernetes HOT 2
- JMS Client to connect to Amlen and empty a queue HOT 2
- Some fields in WebUI not being translated correctly
- Amlen fail to maintenance after switch and restart HOT 3
- Missing attributes in OAuth Profile window ?
- Basic Auth Support
- WebUI admin login after new installation HOT 3
- make operator cope with changing password HOT 1
- Add a status column to the amlen crd definition HOT 1
- LDAP passwords and TLS
- Global-Shared subscriptions in cluster mode HOT 3
- Readiness probe does not check that the server is in production
- jenkins job doesn't fail if build step fails
- Deploy WebUI as part of the operator
- Persistent Volume Claim StorageClass
- MQConnectivity broken if CephFS is used HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amlen.