
  • CanConnect?

    Hello!

    How does one, using ldapTemplate, go about checking if a single DN can connect to an LDAP server using a provided password?
    Something along the lines of:
    Code:
    canConnect(LdapUser user, String password)
    or something like that, returning boolean (or anything descriptive enough)?

    Thanks!

  • #2
    Anybody??

    I've been working with LdapTemplate quite a bit since I posted my question, but still haven't found anything that would be helpful.
    Does this mean that LdapTemplate does not have such a method??

    Thanks in advance


    • #3
      There is no such method in Spring LDAP. For authentication we recommend Acegi Security, which includes good support for LDAP authentication.

      It would of course be possible to implement this type of functionality using Spring LDAP, but since there is another Spring Framework sub project providing that functionality we decided not to include it, at least not for the time being.

      If you still want to implement it yourself using Spring LDAP you can get some useful tips from the code in Acegi.


      • #4
        I've been in the same trouble as you are.
        Here is my solution :
        Code:
        public boolean checkPassword(String login, String password) {
        	log.debug("LdapServiceDao::checkPassword()");
        
        	// Build the user's DN
        	DistinguishedName dn = new DistinguishedName("ou=People,dc=univ,dc=fr");
        	dn.append(new DistinguishedName(getUserDn(login)));
        
        	// Manual connection: a dedicated, non-pooled context source bound as the user
        	LdapContextSource ctxSource = new LdapContextSource();
        	ctxSource.setUrl(url);
        	ctxSource.setUserName(dn.encode());
        	ctxSource.setPassword(password);
        	ctxSource.setPooled(false);
        	try {
        	    ctxSource.afterPropertiesSet();
        	    // Obtain a context as the user, then close it so the connection is not leaked
        	    ctxSource.getReadWriteContext().close();
        	    return true;
        	}
        	catch(Exception e) {
        	    return false;
        	}
        }
        The only problem is dependency injection is broken, I have to manually construct a special LdapContextSource for each authentication.
        This LdapContextSource is no longer used after authentication for any operation.


        • #5
          The general idea looks ok, but I think you need to perform an operation on the context in order for the actual authentication to take place. I would suspect your implementation will always return true. I might be wrong, but I think that's the way it works.


          • #6
            Great!

            I believe that this is what I was looking for! Will try it out!
            Thank you very very much!


            • #7
              Originally posted by rasky
              The general idea looks ok, but I think you need to perform an operation on the context in order for the actual authentication to take place. I would suspect your implementation will always return true. I might be wrong, but I think that's the way it works.
              I'm really sure that it doesn't always return true, otherwise my application should be in trouble and it's not the case...


              • #8
                Originally posted by rasky
                The general idea looks ok, but I think you need to perform an operation on the context in order for the actual authentication to take place. I would suspect your implementation will always return true. I might be wrong, but I think that's the way it works.
                I just verified that simply creating a context is enough to authenticate a user. It might be provider-specific, though. I tested towards a SunONE Directory Server 5.2.


                • #9
                  Works with Tivoli

                  Originally posted by rasky
                  The general idea looks ok, but I think you need to perform an operation on the context in order for the actual authentication to take place. I would suspect your implementation will always return true. I might be wrong, but I think that's the way it works.

                  I've tested mlarchet's method with IBM Tivoli, and it works perfectly!
                  If I supply a non-existing user, I get:

                  Code:
                  org.springframework.ldap.UncategorizedLdapException: Operation failed;
                  nested exception is javax.naming.AuthenticationException: 
                  [LDAP: error code 49 - Invalid Credentials]
                  which subsequently leads to
                  Code:
                  return false;
                  which is what I need.

                  Thanks again!


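The bind check discussed in this thread, written out as an added example; it is not code from any poster or from Spring LDAP. It uses plain JNDI instead of LdapContextSource, and the class name BindCheck, the Result enum and the sample URL and DN are hypothetical. It goes slightly beyond the thread's code by refusing empty passwords, which a server may accept as an unauthenticated bind, and by separating bad credentials (error code 49) from directory errors.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (hypothetical class and names); plain JNDI, no Spring LDAP dependency.
public class BindCheck {
    public enum Result { AUTHENTICATED, INVALID_CREDENTIALS, REJECTED_EMPTY, DIRECTORY_ERROR }

    public static Result check(String url, String userDn, String password) {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) and may succeed for any DN: never send it.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            return Result.REJECTED_EMPTY;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // milliseconds
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the JDK LDAP provider binds here
            return Result.AUTHENTICATED;
        } catch (AuthenticationException e) {   // e.g. LDAP error code 49
            return Result.INVALID_CREDENTIALS;
        } catch (NamingException e) {           // server down, TLS failure, bad URL
            return Result.DIRECTORY_ERROR;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; use an ldaps:// URL against a real directory.
        String url = "ldap://127.0.0.1:1";
        String dn = "uid=jdoe,ou=People,dc=univ,dc=fr";
        System.out.println(check(url, dn, ""));        // empty password case
        System.out.println(check(url, dn, "secret"));  // unreachable server case
    }
}
```

Returning a distinct value for directory errors keeps an outage from being logged as a failed login, which matters for lockout counters and alerting.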
                  • #10
                    Originally posted by miha
                    I've tested mlarchet's method with IBM Tivoli, and it works perfectly!
                    Sweet! Good to be wrong sometimes


                    • #11
                      Excellent, just what I need.
                      But I do wonder: wouldn't an interface like ContextSourceAware be really nice? Today there is no way of getting properties from a base LdapTemplate.


                      • #12
                        Originally posted by kantorn
                        Excellent, just what I need.
                        But I do wonder: wouldn't an interface like ContextSourceAware be really nice? Today there is no way of getting properties from a base LdapTemplate.
                        I'm not sure if I understand what you would like to use the ContextSourceAware interface for. Could you elaborate?


                        • #13
                          Include login check

                          Even though Acegi is the security framework I would love Spring LDAP to have this simple login check in its distribution.

                          Spring LDAP seems simple and easy to use for LDAP integration.

                          Well at least someone could create a JIRA for it and see if it gets votes.


                          • #14
                            There is now a JIRA issue LDAP-39 which proposes a simple authentication mechanism.


                            • #15
                              Hi guys,

                              Just to write: THANK YOU!

                              After 2 weeks of seeking/testing/implementing a lot of "solutions" and ideas, I found this wonderful thread...

                              THANK YOU AGAIN!

                              You make me happy
