
  • Anonymous bind required for roles

    Kia ora

    I am using openldap to store user information for logging into a web app with acegisecurity providing authentication. I'm trying to secure my openldap repository and discovered that in order to determine the user's roles, I need to allow anonymous "read" access to the roles ou. I really only want to allow anonymous "auth" access to the user's userPassword attribute which is required to allow the user to login. Is this a known issue with the ldap support in acegisec or am I just doing it wrong?

    Thanks for any assistance.

  • #2
    Could you post some code? I can't quite follow your question.

    • #3
      You should post any questions related to Acegi or Spring Security in their forum.

      • #4
        Yep, I've already tried that forum and received no response and thought I would try a little cross pollination. At this stage I guess I'm just stuck with allowing more anonymous access than I really want.

        • #5
          FWIW, the problem was that I hadn't provided credentials for an acegisecurity identity in my applicationContext.xml so it was trying to use anonymous access to search for user roles.

          Code:
          <bean id="initialDirContextFactory"
                  class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
                  <constructor-arg value="ldap://localhost:389/dc=base,dc=co,dc=nz"/>
                  <!--
                  Bind authentication itself does not require managerDn, but it is
                  used to look up roles without requiring anonymous access.
                  -->
          
                  <property name="managerDn">
                      <value>cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz</value>
                  </property>
                  <property name="managerPassword">
                      <value>**************</value>
                  </property>
          </bean>

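The directory-side counterpart to the fix in #5, as an added example that is not part of the original posts: an OpenLDAP `slapd.conf` ACL fragment that gives anonymous clients only "auth" access and lets the `managerDn` identity read roles. The `ou=roles` and `ou=people` subtree names are assumptions (the thread only mentions "the roles ou"); the base DN and service DN are the ones shown in #5.

```conf
# slapd.conf ACL fragment (OpenLDAP).
# The first "access to" clause that matches the target applies, and inside a
# clause evaluation stops at the first matching "by", so order matters.
# Assumed layout: roles under ou=roles, users under ou=people.

# Password values: anonymous clients may only use them to authenticate a bind.
# This clause comes first so the service identity cannot read password hashes.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Role entries: readable only by the identity configured as managerDn.
access to dn.subtree="ou=roles,dc=base,dc=co,dc=nz"
    by dn.exact="cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz" read
    by * none

# User entries: the service identity may search them, users may read their
# own entry, and anonymous clients get "auth" on the entry so a simple bind
# can proceed without exposing any attribute values.
access to dn.subtree="ou=people,dc=base,dc=co,dc=nz"
    by dn.exact="cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz" read
    by self read
    by anonymous auth
    by * none

# Everything else is closed.
access to *
    by * none
```

Note that the `rootdn` bypasses these rules, which is a reason to bind the application as a dedicated low-privilege entry such as the one in #5 rather than as the directory's root identity.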