
  • Adding users to ldap

    Hi

    There are simple samples to authenticate, but even the Spring Security book doesn't go beyond this.
    My requirement is to also add new users to ldap, are there any docs or tutorials on this?
    Or hints to get started?

    I'm using spring-security 3.0; some unit tests that do bind, unbind etc. using the new classes would also be great.
    Last edited by Taariq; Aug 12th, 2010, 01:19 AM. Reason: Additional information

  • #2
    Spring security is about securing your application, it is not a user management tool. So how you go about this basically depends on your project, structure, data etc.; it is not something spring security will fix for you.

    You are using LDAP so I suggest checking spring ldap (which btw also has some samples in the reference guide).



    • #3
      Ah, this makes more sense, thank you.

      To ensure I understand correctly, I will design a user management system that uses spring-ldap only for authentication, and included in that is to add new users to Spring's registry via LdapTemplate.bind after I have actually authorized and added them to the LDAP directory by some other java means.
      Right?



      • #4
        Not sure if I understand your explanation....

        You can still (and should) use Spring Security with its ldap configuration to handle all the authentication and authorization, that actually doesn't change. The only thing you need to do is to write something that inserts/updates users in LDAP. You don't really have to change/modify spring security for that.

        For the latter you can use Spring LDAP (which also explains this in its reference guide).



        • #5
          Originally posted by Marten Deinum:
          Not sure if I understand your explanation....

          You can still (and should) use Spring Security with its ldap configuration to handle all the authentication and authorization, that actually doesn't change. The only thing you need to do is to write something that inserts/updates users in LDAP. You don't really have to change/modify spring security for that.

          For the latter you can use Spring LDAP (which also explains this in its reference guide).
          Oh, what I meant was that I'd have some code outside of Spring LDAP that inserts/updates users, but also the job of that subsystem is to call Spring LDAP methods such as LdapTemplate.bind(...) whose javadoc says it's to "Create an entry in the LDAP tree."

          So now I picture this LDAP tree as something Spring built up from the config during initialisation, and after that it doesn't poll for changes or anything, it relies on me to use bind after the code that does the insert/update.



          • #6
            Bind puts the user in there, would be pretty useless if it didn't, would it now...



            • #7
              Originally posted by Marten Deinum:
              Bind puts the user in there, would be pretty useless if it didn't, would it now...
              Hehe, yes that would be pretty useless, and that's what I understood originally and confused myself along the lines.

              So then back to my original question, if bind puts it there, and I confirmed this with code, and with previous release I can use ParameterizedContextMapper to find all "Person" objects for instance, then what does one do in 3.0.3?

              There is no longer SimpleLdapTemplate, now there's SpringSecurityLdapTemplate, and this does not take ParameterizedContextMapper.

              The old code would work this way...
              Code:
              import java.util.List;
              import org.springframework.ldap.core.DirContextAdapter;
              import org.springframework.ldap.core.DistinguishedName;
              import org.springframework.ldap.core.simple.ParameterizedContextMapper;
              import org.springframework.ldap.filter.EqualsFilter;

              // Search the whole tree for entries whose objectclass is "person".
              public List<Person> findAll() {
                  EqualsFilter filter = new EqualsFilter("objectclass", "person");
                  return ldapTemplate.search(DistinguishedName.EMPTY_PATH,
                          filter.encode(), getContextMapper());
              }

              protected ParameterizedContextMapper<Person> getContextMapper() {
                  return new PersonContextMapper();
              }

              // SNIP

              // Maps one directory entry onto a Person bean.
              private class PersonContextMapper implements ParameterizedContextMapper<Person> {
                  public Person mapFromContext(Object ctxt) {
                      DirContextAdapter context = (DirContextAdapter) ctxt;
                      Person person = new Person();

                      person.setCommonName(context.getStringAttribute("cn"));
                      // userPassword is read as a raw object, not as a String
                      person.setEncPassword(context.getObjectAttribute("userPassword"));
                      person.setDistName(context.getNameInNamespace());
                      person.setUid(context.getStringAttribute("uid"));
                      person.setFirstName(context.getStringAttribute("givenName"));
                      person.setLastName(context.getStringAttribute("sn"));
                      person.setCountry(context.getStringAttribute("l"));
                      person.setMail(context.getStringAttribute("mail"));
                      person.setDescription(context.getStringAttribute("description"));
                      person.setCompany(context.getStringAttribute("o"));
                      person.setEmployeeNumber(context.getStringAttribute("employeeNumber"));

                      return person;
                  }
              }



              • #8
                I suggest a read of the spring ldap documentation... And don't use the SpringSecurityLdapTemplate because that is for use with Spring Security only; if you want to use spring ldap, use those classes, which still have the SimpleLdapTemplate...

                I strongly suggest to read the ldap documentation and api docs.



                • #9
                  I admit I have been skimming over the reference guides when more than that is needed.
                  Thanks for your help.

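An added example, not part of the original thread and not Spring LDAP's own sample code: adding, removing and looking up a user with the Spring LDAP `SimpleLdapTemplate` that #8 points to, while Spring Security keeps handling authentication. The DN and the search filter are built through `DistinguishedName` and `EqualsFilter` so that user-supplied values are escaped. The class name `UserDirectory`, the `ou=people` branch, the `inetOrgPerson` schema and the pre-hashed password argument are assumptions.

```java
import java.util.List;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.simple.ParameterizedContextMapper;
import org.springframework.ldap.core.simple.SimpleLdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

// Hypothetical user-management class built on Spring LDAP only.
public class UserDirectory {
    private final SimpleLdapTemplate ldapTemplate;
    public UserDirectory(SimpleLdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }
    // DistinguishedName.add escapes the value, so ',' or '=' in a uid cannot relocate the entry.
    private DistinguishedName dnFor(String uid) {
        DistinguishedName dn = new DistinguishedName("ou=people"); // assumed branch
        dn.add("uid", uid);
        return dn;
    }

    public void create(String uid, String cn, String sn, byte[] hashedPassword) {
        DirContextAdapter ctx = new DirContextAdapter(dnFor(uid));
        ctx.setAttributeValues("objectclass",
                new String[] {"top", "person", "organizationalPerson", "inetOrgPerson"});
        ctx.setAttributeValue("uid", uid);
        ctx.setAttributeValue("cn", cn);
        ctx.setAttributeValue("sn", sn);
        ctx.setAttributeValue("userPassword", hashedPassword); // assumed hashed by the caller
        ldapTemplate.bind(ctx.getDn(), ctx, null); // writes the entry to the directory
    }

    public void delete(String uid) {
        ldapTemplate.unbind(dnFor(uid));
    }

    // EqualsFilter.encode() escapes '*', '(', ')' and '\' in the supplied value.
    public List<String> findCommonNames(String uid) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "person"));
        filter.and(new EqualsFilter("uid", uid));
        return ldapTemplate.search(DistinguishedName.EMPTY_PATH, filter.encode(),
                new ParameterizedContextMapper<String>() {
                    public String mapFromContext(Object ctx) {
                        return ((DirContextAdapter) ctx).getStringAttribute("cn");
                    }
                });
    }
}
```

The mapper here returns only `cn`; leaving `userPassword` out of the mapped object keeps password hashes from travelling through the application with every search result.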