
  • LdapAuthenticationProvider

    Hi

    I'm using Active Directory to do authentication and to fetch roles from.
    This is my XML:

    <bean id="initialDirContextFactory"
          class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
      <constructor-arg value="ldap://sedc02.hm.com:3268/ou=Consultants,ou=Users,ou=se,ou=hm,dc=hm,dc=com"/>
      <property name="managerDn">
        <value>CN=Poromaa Magnus,OU=Consultants,OU=Users,OU=SE,OU=HM,DC=hm,DC=com</value>
      </property>
      <property name="managerPassword">
        <value>dat95mp5</value>
      </property>
    </bean>

    <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0">
        <value></value>
      </constructor-arg>
      <constructor-arg index="1">
        <value>(sAMAccountName={0})</value>
      </constructor-arg>
      <constructor-arg index="2">
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <property name="searchSubtree">
        <value>true</value>
      </property>
    </bean>

    <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg>
            <ref local="initialDirContextFactory"/>
          </constructor-arg>
          <property name="userSearch">
            <ref local="userSearch"/>
          </property>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg>
            <ref local="initialDirContextFactory"/>
          </constructor-arg>
          <constructor-arg>
            <value></value>
          </constructor-arg>
          <property name="convertToUpperCase">
            <value>true</value>
          </property>
          <property name="rolePrefix">
            <value>ROLE_</value>
          </property>
          <property name="searchSubtree">
            <value>true</value>
          </property>
          <property name="groupSearchFilter">
            <value>(memberOf={0})</value>
          </property>
          <property name="defaultRole">
            <value>ROLE_USER</value>
          </property>
        </bean>
      </constructor-arg>
    </bean>


    My question is this. My initialDirContextFactory points to ou=Consultants,ou=Users,ou=se,ou=hm,dc=hm,dc=com and after successfully authenticating I need to get the memberOf attributes from the user's directory, being: cn=Magnus Poromaa,ou=Consultants,ou=Users,ou=se,ou=hm,dc=hm,dc=com

    Then, looking at the DefaultLdapAuthoritiesPopulator, the second constructor argument specifies the group search base, which I have none, and the group search filter is (memberOf={0}).

    Here comes the problem: how does the DefaultLdapAuthoritiesPopulator know that it should go into the user's directory cn=Poromaa Magnus to get the memberOf attributes and not stay in its parent? Also, if I specify searchSubtree=true, won't it mean that all users will get all roles from every other user?

    Cheers
    Magnus

  • #2
    Forget it

    After browsing a bit it all became clear, just forget it

    Magnus
