LdapPasswordAuthenticationDao and nested groups

  • LdapPasswordAuthenticationDao and nested groups

    This is partly a follow-on from a previous post, but I thought it warranted a new topic...

    I've had a look at the source for the LdapPasswordAuthenticationDao class in the sandbox and got it working to some extent. From what I can tell, this currently has no way of dealing with nested groups. Can anyone confirm this?

    Also, I've been able to authenticate using the user's common name to log in but have had no luck when trying to use the username, i.e. uid=username.

    While this returns a result when used in ldapsearch at the command line, it doesn't appear to work from within this class. There is another potential problem I can see: in my situation my group members are listed as common names, not uids, so it would have trouble passing through the uid and matching against groups containing members listed as CN.

    Am I on the right track with this or am I talking garbage?

    Lastly, given all these questions, my final question relates to the direction for this class... Is this something that's planned to be integrated into the core Acegi security distribution? If so, can anyone confirm whether this is planned for the next release, or should I be hacking away at this myself in the meantime? Hacking being the operative word at this stage.

    cheers,
    rob

  • #2
    Re: LdapPasswordAuthenticationDao and nested groups

    Originally posted by robmonie
    Lastly, given all these questions, my final question relates to the direction for this class... Is this something that's planned to be integrated into the core Acegi security distribution? If so, can anyone confirm whether this is planned for the next release, or should I be hacking away at this myself in the meantime? Hacking being the operative word at this stage.
    Once the LDAP provider is stable and has corresponding unit tests, it will be moved into core.



    • #3
      robmonie,
      I've been learning a lot about LDAP recently, both through my work on the LdapPasswordAuthenticationDao, and on some internal projects. However, my exposure to different configurations/directory layouts is pretty limited - I've got a live OpenLDAP server that I can check things against, and I am currently working on creating a portable test using the Apache Directory project (currently using 0.9-snapshot). Please send me any issues, ideas, etc. that you find.

      As for searching via common name; have you tried something like:
      Code:
      <property name="userContext"><value>cn={0},ou=Users...</value></property>
      You are correct about nested groups; I am unfamiliar with this situation. If you have a chance, could you post a cleaned LDIF entry or two? I will try to add them to the test I am working on... Also, I am on the acegi-dev mailing list, so anything sent there I will look at too.

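The two directory issues raised in this thread (groups that contain other groups, and group members listed by cn-based DN rather than by uid) can be shown with a transitive group lookup over a small in-memory directory. This is an added example, not code from Acegi or from the posters; the class name, all DNs and the simplified DN normalisation are assumptions made for illustration.

```java
import java.util.*;

// Added illustration, not Acegi code. All directory data below is constructed.
public class NestedGroupResolver {
    // group DN -> values of its member attribute (user DNs or group DNs)
    private final Map<String, Set<String>> members = new HashMap<>();

    // Simplified DN normalisation: lower-case, no whitespace around commas.
    static String norm(String dn) {
        return dn.trim().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
    }

    void addGroup(String groupDn, String... memberDns) {
        Set<String> normalized = new HashSet<>();
        for (String dn : memberDns) {
            normalized.add(norm(dn));
        }
        members.put(norm(groupDn), normalized);
    }

    // Every group the entry belongs to, directly or through nested groups.
    Set<String> groupsFor(String entryDn) {
        Set<String> found = new TreeSet<>();
        Deque<String> pending = new ArrayDeque<>();
        pending.push(norm(entryDn));
        while (!pending.isEmpty()) {
            String dn = pending.pop();
            for (Map.Entry<String, Set<String>> group : members.entrySet()) {
                // add() returns false for a group already seen, so cycles end
                if (group.getValue().contains(dn) && found.add(group.getKey())) {
                    pending.push(group.getKey());
                }
            }
        }
        return found;
    }

    public static void main(String[] args) {
        String users = ",ou=Users,dc=example,dc=com";
        String groups = ",ou=Groups,dc=example,dc=com";
        NestedGroupResolver dir = new NestedGroupResolver();
        // Developers lists a user by cn-based DN and, as a cycle, Staff itself
        dir.addGroup("cn=Developers" + groups, "cn=Jane Doe" + users, "cn=Staff" + groups);
        dir.addGroup("cn=Staff" + groups, "cn=Developers" + groups);
        // The DN of the entry found by searching on uid resolves to both groups
        System.out.println(dir.groupsFor("CN=Jane Doe, OU=Users, DC=example, DC=com"));
        // A DN built from the login name matches no member value
        System.out.println(dir.groupsFor("uid=jdoe" + users));
    }
}
```

Against a live directory, each pass of the inner loop would be a search for groups whose membership attribute equals the DN in hand, and the visited set keeps a group cycle from looping forever.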