Title: Re: [Acegisecurity-developer] New LDAP stuff
Hi,
 
You might want to consider looking at http://forum.springframework.org/showthread.php?t=20969
Zorak has some useful examples of connecting to different LDAP interfaces (Active Directory, Lotus Domino and Oracle Internet Directory).
 
I noticed that, when using MS Active Directory, setting the userDnPatterns property in the ldapAuthenticationProvider had no real effect in authenticating users. I could only authenticate against their CN and not the sAMAccountName, which is the real account name in Active Directory.
 
Also I had to add an extra JNDI constant for the Context:
java.naming.dns.url to provide a DNS which can actually resolve devctr.local. (It was not an option to change the wrongly configured LDAP DC.)
 
 
Let me just show you the code of my solution to authenticate against an MS Active Directory:
 
<bean id="initialDirContextFactory"
  class="org.acegisecurity.providers.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://10.0.0.1:389/DC=DEVCTR,DC=LOCAL"/>
  <property name="managerDn">
   <value>CN=Administrator,CN=Users,DC=DEVCTR,DC=LOCAL</value>
  </property>
  <property name="managerPassword">
   <value>passwd</value>
  </property>
  <property name="extraEnvVars">
   <map>
    <entry>
     <key>
      <value>java.naming.dns.url</value>
     </key>
     <value>dns://10.0.0.1/</value>
    </entry>
    <entry>
     <key>
      <value>java.naming.referral</value>
     </key>
     <value>follow</value>
    </entry>
   </map>
  </property>
</bean>
 
 <bean id="authenticationProvider"
  class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
   <ref local="bindAuthenticator"/>
  </constructor-arg>
  <constructor-arg>
   <ref local="defaultLdapAuthoritiesPopulator"/>
  </constructor-arg>
  <property name="userCache">
   <ref local="userCache"/>
  </property>
 </bean>
 
   <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
   
   <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
         <ref local="cacheManager"/>
      </property>
      <property name="cacheName">
         <value>userCache</value>
      </property>
   </bean>
  
   <bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
      <property name="cache"><ref local="userCacheBackend"/></property>
   </bean>
 
 <bean id="bindAuthenticator"
  class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
  <constructor-arg>
   <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <property name="userSearch">
   <ref local="userSearch"/>
  </property>
 </bean>
 
 <bean id="userSearch"
        class="org.acegisecurity.providers.ldap.search.FilterBasedLdapUserSearch">
        <property name="searchSubtree">
            <value>true</value>
        </property>
        <property name="initialDirContextFactory">
            <ref local="initialDirContextFactory" />
        </property>
        <property name="searchFilter">
            <value>(sAMAccountName={0})</value>
        </property>
    </bean>
 
 <bean id="defaultLdapAuthoritiesPopulator"
  class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
  <constructor-arg>
   <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <constructor-arg>
   <value>CN=Users</value>
  </constructor-arg>
  <property name="groupSearchFilter">
   <value>(member={0})</value>
  </property>
  <property name="groupRoleAttribute">
   <value>CN</value>
  </property>
 </bean>
 
And this is what did not work with MS Active Directory
 
 <bean id="bindAuthenticator"
  class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
  <constructor-arg>
   <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <property name="userDnPatterns">
   <list>
    <value>sAMAccountName={0},CN=Users</value>
   </list>
  </property>
 </bean>
 
 
regards,
Bram
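
Added example, not part of the original message and not Acegi code: an offline Java sketch of why the userDnPatterns variant cannot bind while the sAMAccountName search can. The in-memory map stands in for the directory, and the two entries, the class name and the helper names are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AdDnPatternDemo {
    static final String BASE = "DC=DEVCTR,DC=LOCAL";

    // Constructed sample directory: entry DN -> sAMAccountName attribute value.
    static final Map<LdapName, String> ENTRIES = new LinkedHashMap<>();

    // userDnPatterns strategy: substitute the login into a DN template, no lookup.
    static LdapName dnFromPattern(String pattern, String login) throws InvalidNameException {
        return new LdapName(pattern.replace("{0}", Rdn.escapeValue(login)) + "," + BASE);
    }

    // userSearch strategy: evaluate (sAMAccountName={0}) and return the matching DN.
    static LdapName dnFromSearch(String login) {
        for (Map.Entry<LdapName, String> e : ENTRIES.entrySet()) {
            if (e.getValue().equalsIgnoreCase(login)) {
                return e.getKey();
            }
        }
        return null;
    }

    // A bind can only succeed against a DN that names an existing entry.
    static String bindTarget(LdapName dn) {
        return dn != null && ENTRIES.containsKey(dn) ? "bind as " + dn : "no such entry";
    }

    public static void main(String[] args) throws InvalidNameException {
        ENTRIES.put(new LdapName("CN=Jane Doe,CN=Users," + BASE), "jdoe");
        ENTRIES.put(new LdapName("CN=Build Agent,OU=Services," + BASE), "svc-build");

        // Pattern from the failing configuration: sAMAccountName is not the RDN.
        System.out.println(bindTarget(dnFromPattern("sAMAccountName={0},CN=Users", "jdoe")));
        // A CN pattern works only when the user types the CN, not the account name.
        System.out.println(bindTarget(dnFromPattern("CN={0},CN=Users", "Jane Doe")));
        System.out.println(bindTarget(dnFromPattern("CN={0},CN=Users", "jdoe")));
        // Subtree search resolves the account name to the real DN, in any container.
        System.out.println(bindTarget(dnFromSearch("jdoe")));
        System.out.println(bindTarget(dnFromSearch("svc-build")));
    }
}
```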
 
 


From: [EMAIL PROTECTED] on behalf of Brandon Keepers
Sent: Tue 1/31/2006 2:02
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] New LDAP stuff

I would be willing to do this if you wanted some help.  I've been using
the new LDAP code extensively in the last month.  If anyone else is
already working on this, just let me know.  Otherwise I'll get started
on it in the next day or so.

Brandon

On Mon, 2006-01-30 at 15:05 -0600, Ray Krueger wrote:
> Cool, that's what I hoped you would say.
>
> Now write some reference material! :P
>
> On 1/30/06, Luke Taylor <[EMAIL PROTECTED]> wrote:
> >
> >
> > Ray Krueger wrote:
> > > Hey guys, where can I point someone to if they wanted to read about
> > > LDAP support?
> > >
> > > I see the org.acegisecurity.providers.ldap package in the javadocs in
> > > the site; but that is the old stuff isn't it?
> > >
> > >
> >
> > Hi Ray,
> >
> > No, the non-sandbox stuff is up-to-date. There's also an example in the
> > contacts directory and quite a bit of information in recent forum posts.
> >
> > cheers,
> >
> > Luke.
> >
> >
> > --
> >  Luke Taylor.                      Monkey Machine Ltd.
> >  PGP Key ID: 0x57E9523C            http://www.monkeymachine.ltd.uk
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> > _______________________________________________
> > Home: http://acegisecurity.org
> > Acegisecurity-developer mailing list
> > Acegisecurity-developer@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
> >
>
>


