Hi Stephen,

The best thing to do is attach it to a Jira issue. Could you please open one and attach it?

Looking forward to it!

Cheers,

Les

On Thu, Jan 7, 2010 at 3:43 PM, Gorman, Stephen A. <[email protected]> wrote:
> I faced this same problem myself. I have an IntelliJ project that is a
> good example of how to create/use an LDAP realm. In fact what it does is
> choose between two configured realms, one a local ShiroDbRealm and the
> other LDAP. If you're new to Grails/Groovy this is a good learning tool. I
> based it off of the Scott Davis (IBM) blogito tutorial. I create some
> default users that are not the plain ShiroUser but it is a trivial
> modification. For my purposes I had to extend the
>
> class ShiroUser extends com.saic.hub.HubUser
>
> but again, I think you will find it elementary to see the effect. In the
> end it is just a tweaked user class for my purposes and could be done
> incorrectly but there you go.
>
> When you run the app with grails run-app it will default to the
> ShiroDbRealm. If you create a file called
>
> file:${userHome}/.authprototype/user_config.groovy
>
> in that file put
>
> ldap.ldapUrls = 'ldap://localhost:389/'
> ldap.search.base = 'ou=YOURVALUE,dc=YOURVALUE,dc=YOURVALUE,dc=YOURVALUE'
> ldap.search.user = "YOURVALUE"
> ldap.search.pass = "YOURVALUE"
> ldap.username.attribute = "YOURVALUE"
> ldap.skip.credentialsCheck = false
> ldap.allowEmptyPasswords = false
> hub.auth.realmName = "ShiroLDAPRealm"
>
> the hub.auth.realmName should be set to whatever name is created by
> grails create-ldap-realm. I changed mine around some and ended up with
> ShiroLDAPRealm. The casing is off from the original.
>
> It will load your LDAP realm. The important value to trigger LDAP
> loading is hub.auth.realmName. To test the application delete this line.
> It will load the ShiroDbRealm and you can log in with the dummy users
> created in bootstrap. Once you have that working and understand it put
> the line back in the user_config.groovy file. This will override the
> default value that is in Config.groovy and load the LDAP realm. As long
> as you have the LDAP settings correct (that was the really hard part for
> me) you should be good.
>
> I guess the question now is how do I get it to you? I will send this
> message first with nothing attached and try a separate message with the
> app. If it bounces we can go from there.
>
> sg
>
> -----Original Message-----
> From:
> shiro-user-return-1140-stephen.a.gorman=saic....@incubator.apache.org
> [mailto:[email protected]
> e.org] On Behalf Of Les Hazlewood
> Sent: Thursday, January 07, 2010 2:58 PM
> To: [email protected]
> Subject: Re: Confusion with the LDAP Realm
>
> Hi Philippe,
>
> You've made a great point - please open up a Jira issue so we can
> track this. If there is a way to achieve generic LDAP implementation,
> we'll work to have it in the 1.0 release.
>
> I wasn't the original author of the AbstractLdapRealm hierarchy, so I
> wasn't very familiar with its implementation strategy. Any pointers
> or things that you see could be improved, please include them in the
> Jira issue comments. Of course, if you have any implementations or
> patches or test cases, those would be great as a Jira attachment as
> well (if possible). Anything helpful is appreciated!
>
> Cheers,
>
> Les
>
> On Thu, Jan 7, 2010 at 2:18 PM, Philippe Laflamme <[email protected]>
> wrote:
>>
>> Hello Shiro world,
>>
>> I'm looking for an example LDAP Realm configuration and cannot seem to find
>> anything. Please point me to some example if there is one.
>>
>> I've looked at the source and it seems that there is no implementation of an
>> LDAP Realm. The only concrete implementation is the ActiveDirectoryRealm (I
>> understand AD is similar to LDAP, but it's not == to LDAP). The closest LDAP
>> Realm I can see is AbstractLDAPRealm, which is... well... Abstract!
>>
>> When I read that Shiro supports LDAP realms I figured I could point it to my
>> server, specify the structure of my LDAP (DNs and so forth) and bingo! I'd
>> be able to authenticate against it. I understand that authorization (role
>> and permission mapping) is another matter, but authentication should be
>> straightforward... no?
>>
>> I'm no LDAP/AD expert, so am I missing something?
>>
>> Looking at the ActiveDirectoryRealm, I can see that the
>> queryForAuthenticationInfo method is not AD-specific. Could it not belong to
>> a DefaultLDAPRealm of some sort?
>>
>> BTW, Atlassian Crowd has some examples of connecting to "Generic LDAP
>> Directories"
>> http://confluence.atlassian.com/display/CROWD/Generic+LDAP+Directories here.
>> --
>> View this message in context:
>> http://n2.nabble.com/Confusion-with-the-LDAP-Realm-tp4268254p4268254.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
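
An added example, not part of the thread and not code from Shiro or the Grails plugin: a small Python check for a user_config.groovy written in the flat `key = value` form shown in the quoted message, run before the LDAP realm is switched on. The meaning of `ldap.skip.credentialsCheck` and `ldap.allowEmptyPasswords` is assumed from their names; the sample values and the names `parse_flat_config` and `audit` are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the flat `key = value` form of user_config.groovy.
SAMPLE = """
ldap.ldapUrls = 'ldap://ldap.example.org:389/'
ldap.search.base = 'ou=YOURVALUE,dc=example,dc=org'
ldap.search.user = "cn=reader,dc=example,dc=org"
ldap.search.pass = "constructed-secret"
ldap.username.attribute = "uid"
ldap.skip.credentialsCheck = true
ldap.allowEmptyPasswords = true
hub.auth.realmName = "ShiroLDAPRealm"
"""

ASSIGN = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.+?)\s*$")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_flat_config(text):
    """Read `dotted.key = literal` lines only; this is not a Groovy parser."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue  # blank lines, comments, anything that is not an assignment
        key, raw = m.groups()
        if len(raw) >= 2 and raw[0] in "'\"" and raw[-1] == raw[0]:
            settings[key] = raw[1:-1]  # quoted string literal
        else:
            settings[key] = {"true": True, "false": False}.get(raw, raw)
    return settings

def audit(settings):
    """Return (key, problem) pairs for the LDAP realm settings."""
    if not settings.get("hub.auth.realmName"):
        return []  # per the message, the app then falls back to ShiroDbRealm
    findings = []
    if settings.get("ldap.skip.credentialsCheck") is True:
        findings.append(("ldap.skip.credentialsCheck", "password check is skipped"))
    if settings.get("ldap.allowEmptyPasswords") is not False:
        # An empty password turns a simple bind into an unauthenticated bind (RFC 4513).
        findings.append(("ldap.allowEmptyPasswords", "empty passwords not explicitly rejected"))
    for url in re.split(r"[,\s]+", str(settings.get("ldap.ldapUrls", "")).strip()):
        parts = urlsplit(url)
        if parts.scheme == "ldap" and parts.hostname not in LOOPBACK:
            findings.append(("ldap.ldapUrls", f"{parts.hostname}: cleartext unless StartTLS"))
    for key, value in settings.items():
        if key.startswith("ldap.") and "YOURVALUE" in str(value):
            findings.append((key, "placeholder value left in place"))
    return findings

if __name__ == "__main__":
    for key, problem in audit(parse_flat_config(SAMPLE)):
        print(f"{key}: {problem}")
```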
