Great feedback - thanks Jared. Les
On Thu, Mar 31, 2011 at 2:29 PM, Jared Bunting <[email protected]> wrote: > Basically. > > Also a "userLookupQuery" as an alternative to "userDnTemplate". I'd be happy > to write the patch, but unfortunately by current work environment doesn't > provide me the opportunity to test LDAP authentication. So, I'll write it if > someone else can test it. > > Thanks, > Jared > > On 03/31/2011 04:26 PM, Les Hazlewood wrote: >> So you mean a 'connectionUserDn' and a 'connectionPassword' to connect >> to LDAP to perform ad-hoc queries, and not just the DN format that is >> used for authenticating end-users via a bind operation. Correct? >> >> Thanks, >> >> Les >> >> On Thu, Mar 31, 2011 at 2:03 PM, Jared Bunting >> <[email protected]> wrote: >>> As was mentioned in the other thread, the ability to do a query >>> (potentially with a configurable username/password) in order to determine >>> the user dn would be enormously useful. This is a fairly standard way to >>> do ldap authentication (typically the "username" is an attribute of the dn) >>> and shiro should probably support it by default. >>> >>> Thanks, >>> Jared >>> >>> On 03/31/2011 12:53 PM, Les Hazlewood wrote: >>>> Hi folks, >>>> >>>> The latest LDAP support currently is in the form of the JndiLdapRealm. >>>> >>>> Unfortunately, this name has confused enough people - often they think >>>> they need to be using JNDI in order to use it (this is not the case - >>>> the JNDI API itself is used as an implementation strategy, and it does >>>> not require that anything be actually stored in JNDI, but that's >>>> beside the point). >>>> >>>> Because of this, there is a Jira issue to rename it to something else >>>> for the next release (i.e. deprecate JndiLdapRealm and create a >>>> 'DefaultJndiRealm' or something like that). When we do that, we have >>>> the opportunity to make it better and/or add features. >>>> >>>> What is missing from Shiro's LDAP support that you would need in order >>>> to use it 'out-of-the-box' with your apps? Ideally I'd like to get as >>>> much in there such that subclassing is rarely necessary. >>>> >>>> All suggestions are welcome! >>>> >>>> Thanks, >>>> >>>> Les
