I have a basic OpenLDAP server setup which Samba 2 is authenticating
against. My understanding is that Samba 2 is fairly picky about the
LDAP scheme it uses, so I don't want to mess with this. The current
LdapPasswordAuthenticationDao assumes that the user will be identified
by CN=username,... with the scheme we are using the users are
identified by uid=username,... I have previously solved this by using
a MessageFormat (the way Tomcat's JNDI authenticator does); but am not
too particular about how, so long as I can get authentication to work, so
to stick with what was already in the LdapPasswordAuthenticationDao I
added a property "userAttribute" - which defaults to "CN" but can be
changed. I also took the liberty of adding some getter methods, etc...
All is included in the attached diff file (unified format, 3 lines of
context).
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net
@@ -49,7 +49,20 @@
/**
* This is an example <code>PasswordAuthenticationDao</code> implementation
- * using LDAP service for user authentication.
+ * using LDAP service for user authentication.
+ *
+ * <p>Example use: <br/>
+ * <bean id="ldapDaoImpl"
class="net.sf.acegisecurity.providers.dao.ldap.LdapPasswordAuthenticationDao">
<br/>
+ * <property
name="host"><value>sydney.ipov.info</value></property>
<br/>
+ * <property
name="rootContext"><value>dc=ipov,dc=info</value></property>
<br/>
+ * <property
name="userContext"><alue>ou=Users</value></property> <br/>
+ * <property
name="userAttribute"><value>uid</value></property> <br/>
+ * </bean> <br/>
+ * ...<br/>
+ * <bean id="authenticationProvider"
class="net.sf.acegisecurity.providers.dao.PasswordDaoAuthenticationProvider">
<br/>
+ * <property name="passwordAuthenticationDao"><ref
local="ldapDaoImpl"/></property> <br/>
+ * </bean> <br/>
+ * </p>
*
* @author Karel Miarka
* @author Daniel Miller
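Review bot: The example bean definition added to the class Javadoc contains raw `<bean>` and `<property>` tags, which the javadoc tool renders as HTML rather than showing them as text, and `<alue>` on the userContext line is a typo for `<value>`. Wrap the example in `<pre>` and write the angle brackets as `&lt;` / `&gt;` (or describe the four properties in a `<ul>` list) so the example survives generation. Keep the userAttribute line, since it is the only place the new property's purpose is shown.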
@@ -65,8 +78,12 @@
private String host;
private String rootContext;
private String userContext = "CN=Users";
+ private String userAttribute = "CN"; // ??? is this the
right code??
private String[] rolesAttributes = {"memberOf"};
private int port = 389;
+
+ /** The INITIAL_CONTEXT_FACTORY for use with JNDI. */
+ private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
//~ Methods
================================================================
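Review bot: The new `userAttribute` field carries the placeholder comment `// ??? is this the right code??`, which should not be committed; replace it with a Javadoc such as `/** Attribute naming the user entry in its RDN, e.g. "CN" or "uid"; defaults to "CN". */` so the field is documented the same way as `initialContextFactory` just below it. The `initialContextFactory` field is given a default here but is not read by the environment setup in the following hunk; that defect is raised there.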
@@ -128,26 +145,15 @@
Hashtable env = new Hashtable(11);
- env.put(Context.INITIAL_CONTEXT_FACTORY,
- "com.sun.jndi.ldap.LdapCtxFactory");
-
- StringBuffer providerUrl = new StringBuffer();
- providerUrl.append("ldap://");
- providerUrl.append(this.host);
- providerUrl.append(":");
- providerUrl.append(this.port);
- providerUrl.append("/");
- providerUrl.append(this.rootContext);
-
- env.put(Context.PROVIDER_URL, providerUrl.toString());
+ env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
+ env.put(Context.PROVIDER_URL, getProviderURL());
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username));
env.put(Context.SECURITY_CREDENTIALS, password);
try {
if (log.isDebugEnabled()) {
- log.debug("Connecting to " + providerUrl + " as "
- + getUserPrincipal(username));
+ log.debug("Connecting to " + getProviderURL() + " as " +
getUserPrincipal(username));
}
DirContext ctx = new InitialDirContext(env);
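Review bot: `env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")` at the top of the hunk still hardcodes the factory, so the `initialContextFactory` field introduced in the previous hunk and `setInitialContextFactory` in the last hunk never take effect; it should read `env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);`. `getProviderURL()` is also rebuilt twice, once for the env and once for the debug message, where a single local `String providerUrl = getProviderURL();` would do. Separately, `password` is handed to `Context.SECURITY_CREDENTIALS` without a null/empty check before the bind; with `SECURITY_AUTHENTICATION` set to `"simple"`, an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) unless the directory disables it, so the method should reject an empty password before creating the context. The enclosing method starts and ends outside this hunk.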
@@ -196,6 +202,17 @@
return grantedAuthorities;
}
+
+ public String getProviderURL() {
+ StringBuffer providerUrl = new StringBuffer();
+ providerUrl.append("ldap://");
+ providerUrl.append(this.host);
+ providerUrl.append(":");
+ providerUrl.append(this.port);
+ providerUrl.append("/");
+ providerUrl.append(this.rootContext);
+ return providerUrl.toString();
+ }
/**
* Get a <code>GrantedAuthority</code> given a role obtained from the LDAP
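Review bot: `getProviderURL()` is a new public method with no Javadoc and no guard on its inputs: when `host` or `rootContext` is unset it returns `ldap://null:389/null` and the misconfiguration only surfaces as an opaque JNDI error at bind time. Add `/** Builds the ldap:// provider URL from host, port and rootContext. */` and a check such as `if (host == null) throw new IllegalStateException("host must be set");` before the buffer is built. Note also that `rootContext` is appended raw; an LDAP URL expects characters outside the unreserved set in the DN to be percent-encoded (RFC 4516), so a rootContext containing spaces would presumably need encoding — confirm against the deployments this is meant to support.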
@@ -293,17 +310,15 @@
/**
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username
- * string. This implementation returns a string composed of the following:
- * <usernamePrefix><username><usernameSufix. This function
- * may be overridden in a subclass.
+ * string. This implementation returns the userBase for JNDI / LDAP lookup.
*
* @param username DOCUMENT ME!
*
* @return DOCUMENT ME!
*/
protected String getUserPrincipal(String username) {
- StringBuffer principal = new StringBuffer();
- principal.append("CN=");
+ StringBuffer principal = new StringBuffer(userAttribute);
+ principal.append("=");
principal.append(username);
principal.append(",");
principal.append(this.userContext);
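Review bot: `username` is appended into the bind DN unescaped, so a value containing DN special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `=`, or a leading `#`/space) changes which entry the bind targets; the line predates this commit but the commit rewrites it, so this is the place to escape the value per RFC 4514 (or reject such usernames) before appending. The rewritten Javadoc "returns the userBase for JNDI / LDAP lookup" is inaccurate — the method returns `<userAttribute>=<username>,<userContext>` — and the `DOCUMENT ME!` placeholders should be filled, e.g. `@param username the login name placed in the RDN` and `@return the bind DN for that user`. The method's return statement and closing brace lie outside the hunk.
```java
/** Escapes the RFC 4514 special characters of an attribute value so it cannot alter the DN structure. */
private static String escapeDnValue(String value) {
    StringBuffer sb = new StringBuffer(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        boolean special = ",+\"\\<>;=".indexOf(c) >= 0;
        boolean leadingHashOrSpace = i == 0 && (c == '#' || c == ' ');
        boolean trailingSpace = c == ' ' && i == value.length() - 1;
        if (special || leadingHashOrSpace || trailingSpace) {
            sb.append('\\');
        }
        sb.append(c);
    }
    return sb.toString();
}

protected String getUserPrincipal(String username) {
    StringBuffer principal = new StringBuffer(userAttribute);
    principal.append("=");
    principal.append(escapeDnValue(username));
    // … unchanged: append "," and userContext, return principal …
```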
@@ -331,4 +345,46 @@
return matchAttrs;
}
+
+ /**
+ * @return Returns the initialContextFactory.
+ */
+ public String getInitialContextFactory() {
+ return initialContextFactory;
+ }
+
+ /**
+ * @param initialContextFactory The initialContextFactory to set.
+ */
+ public void setInitialContextFactory(String initialContextFactory) {
+ this.initialContextFactory = initialContextFactory;
+ }
+
+ /**
+ * @return Returns the host.
+ */
+ public String getHost() {
+ return host;
+ }
+
+ /**
+ * @return Returns the port.
+ */
+ public int getPort() {
+ return port;
+ }
+
+ /**
+ * @return Returns the userAttribute.
+ */
+ public String getUserAttribute() {
+ return userAttribute;
+ }
+
+ /**
+ * @param userAttribute The userAttribute to set.
+ */
+ public void setUserAttribute(String userAttribute) {
+ this.userAttribute = userAttribute;
+ }
}
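Review bot: `setUserAttribute` and `setInitialContextFactory` accept null and empty strings, which the rest of the class then uses verbatim — a null `userAttribute` makes `new StringBuffer(userAttribute)` in `getUserPrincipal` throw NullPointerException at login time instead of failing at configuration time. Guard each setter, e.g. `if (userAttribute == null || userAttribute.length() == 0) throw new IllegalArgumentException("userAttribute must not be empty");`, and the same for `initialContextFactory`. The generated-style Javadoc ("Returns the host.") would read better if it said what the values are used for, such as `@return the LDAP server host name used to build the provider URL`.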