Authentication for users belonging to different LDAP groups: how to?

  • Authentication for users belonging to different LDAP groups: how to?

    Hello.
    I'm a newbie.

    I have a login page based on Spring Security (I mean I use j_username, j_password, etc.). It works fine.

    Now I need to authenticate users belonging to different LDAP groups.
    More precisely, only users belonging to some group must be logged in. Otherwise they must be refused.
    Can anyone suggest how to do this? I don't have any idea!
    Do I have to configure it by XML spring configuration or by creating some Java objects (a new authentication manager)?

    My current configuration follows. What do I have to change?

    Code:
    <security:http use-expressions="true">
        <security:intercept-url pattern="/resources/**" filters="none"/>
        <security:intercept-url pattern="/login.html" access="permitAll()" />
        <security:intercept-url pattern="/auth/**" access="isAuthenticated()" />
        <security:form-login login-page="/login.html"
                authentication-success-handler-ref="loginSuccessHandler"
                authentication-failure-handler-ref="loginFailureHandler" />
        <security:logout invalidate-session="true" logout-success-url="/login.html" logout-url="/j_spring_security_logout"/>
        <security:session-management session-fixation-protection="newSession">
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
        </security:session-management>
    </security:http>

    <security:authentication-manager>
        <security:ldap-authentication-provider
                user-search-filter="(uid={0})"
                user-search-base="ou=Users"
                group-search-filter="(displayName={0})"
                group-search-base="ou=Groups"
                group-role-attribute="cn"
                role-prefix="ROLE_">
        </security:ldap-authentication-provider>
    </security:authentication-manager>

    <security:ldap-server url="ldap://ldapserver.mydomain.com:390/dc=arcobaleno,dc=local" manager-dn="" manager-password="" />

    <bean id="loginSuccessHandler" class="com.mydomain.web.LoginSuccessHandler" />
    <bean id="loginFailureHandler" class="com.mydomain.web.LoginFailureHandler" />

    Thank you.

    Pbesi
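
One way to refuse the login itself for users outside the permitted groups, as an added example that is not part of the original post: a wrapper that delegates to the LDAP provider and fails authentication unless one of the mapped group authorities is on an allow-list. The class name and the allow-list values are hypothetical; with the posted settings (`group-role-attribute="cn"`, `role-prefix="ROLE_"`) a group whose cn is `staff` is assumed to arrive as the authority `ROLE_STAFF`, because the default LDAP authorities populator upper-cases the attribute value.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/** Added example (hypothetical class): group allow-list enforced at login time. */
public class GroupRestrictedAuthenticationProvider implements AuthenticationProvider {

    private final AuthenticationProvider delegate;   // e.g. an LdapAuthenticationProvider bean
    private final Set<String> allowedAuthorities;    // e.g. ROLE_STAFF (constructed value)

    public GroupRestrictedAuthenticationProvider(AuthenticationProvider delegate,
                                                 Set<String> allowedAuthorities) {
        // Fail closed on misconfiguration: an empty allow-list must not mean "allow all".
        if (delegate == null || allowedAuthorities == null || allowedAuthorities.isEmpty()) {
            throw new IllegalArgumentException("delegate and a non-empty allow-list are required");
        }
        this.delegate = delegate;
        this.allowedAuthorities =
                Collections.unmodifiableSet(new HashSet<String>(allowedAuthorities));
    }

    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        // The delegate performs the LDAP bind and the group search.
        Authentication result = delegate.authenticate(authentication);
        if (result == null) {
            return null; // delegate abstained; let the manager try other providers
        }
        for (GrantedAuthority authority : result.getAuthorities()) {
            if (allowedAuthorities.contains(authority.getAuthority())) {
                return result;
            }
        }
        // Same exception type as a wrong password, so the failure handler and the
        // login page do not reveal that the credentials themselves were valid.
        throw new BadCredentialsException("Bad credentials");
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }
}
```

The wrapper needs a reference to its delegate, so the LDAP provider has to be declared as an explicit bean and the wrapper registered with `<security:authentication-provider ref="..."/>` inside `<security:authentication-manager>`.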