
  • LDAP authenticate and fetching attributes

    If I use BindAuthenticator I cannot get a particular attribute because it is not visible to the user. I can't use PasswordComparisonAuthenticator because admin does not have access to the userPassword attribute. So, I've now got

    1) bind as admin
    2) search for user
    3) bind as user

    After 2) I have all the attributes I need if the bind in 3) succeeds. How do I make these available to the authenticated context?

    Antony

  • #2
    When BindAuthenticator.authenticate is called, it searches for the user like
    Code:
    if (user == null && getUserSearch() != null) {
        DirContextOperations userFromSearch = getUserSearch().searchForUser(username);
        user = bindWithDn(userFromSearch.getDn().toString(), username, password);
    }
    so, even if I set the returningAttributes property for the FilterBasedLdapUserSearch, it discards them immediately. Why is it possible to set this returningAttributes if it's thrown away? I tried extending the BindAuthenticator and merging the attributes, but I found that these attributes are also thrown away.

    The UserDetails (LdapUserDetailsImpl) has a getAttributes method which implies the attributes are stored, but they are not. The LdapUserDetailsMapper never sets these attributes. Should it?

    Antony



    • #3
      In another post, Harro had the same problem. I created my own UserDetailContextsMapper, extending LdapUserDetailsMapper, but that is really messy to extend.
      Code:
          // Overrides LdapUserDetailsMapper.mapUserFromContext to copy the LDAP
          // entry's attributes into the UserDetails returned by the parent mapper.
          public UserDetails mapUserFromContext(DirContextOperations ctx,
                          String username, GrantedAuthority[] authorities)
          {
              UserDetails ud = super.mapUserFromContext(ctx, username, authorities);
              LdapUserDetailsImpl lud = (LdapUserDetailsImpl)ud;
              DirContextAdapter dca = (DirContextAdapter)ctx;
              // Attribute set held by the UserDetails; entries are added to it in place.
              Attributes atts = lud.getAttributes();
              Enumeration e = dca.getAttributes().getAll();
              while (e.hasMoreElements())
              {
                  atts.put((Attribute)e.nextElement());
              }
              return ud;
          }
      just to get the LDAP attributes into the UserDetails, which I think the standard version should do anyway.

      Maybe I'm going about this the wrong way, I thought I was trying to do something quite simple, but it's been a bit of a hack as I first had to understand the relationship between all these core implementation classes...

      Antony



      • #4
        Originally posted by adb:
        The UserDetails (LdapUserDetailsImpl) has a getAttributes method which implies the attributes are stored, but they are not. The LdapUserDetailsMapper never sets these attributes. Should it?
        Is this a bug?
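
The three-step flow from the first post (bind as admin, search for the user, bind as the user), written with plain JNDI as an added example; it is not code from any poster or from Spring Security. The server URL, base DN, `uid` filter and the class and method names are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdminSearchThenUserBind {
    // Placeholder values (assumptions, not taken from the thread).
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE = "ou=people,dc=example,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // throws AuthenticationException on bad credentials
    }

    /** Returns the attributes read as admin, but only if the user's own bind succeeds. */
    static Attributes authenticate(String adminDn, String adminPw,
            String username, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind,
        // which some servers accept, so reject it before contacting the server.
        if (password == null || password.length() == 0) {
            throw new AuthenticationException("authentication failed");
        }
        DirContext admin = bind(adminDn, adminPw);            // 1) bind as admin
        String userDn;
        Attributes attrs;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // JNDI escapes filter metacharacters in the value substituted for {0}.
            NamingEnumeration<SearchResult> res =             // 2) search for user
                    admin.search(BASE, "(uid={0})", new Object[] { username }, sc);
            if (!res.hasMore()) throw new AuthenticationException("authentication failed");
            SearchResult sr = res.next();
            if (res.hasMore()) throw new AuthenticationException("authentication failed");
            userDn = sr.getNameInNamespace();
            attrs = sr.getAttributes();                       // attributes visible to admin
        } finally {
            admin.close();
        }
        bind(userDn, password).close();                       // 3) bind as user, throws if wrong
        return attrs;
    }
}
```

The attributes are read with the admin's rights and handed back only after the user bind in step 3 succeeds; the same exception message is used for "no such user" and "wrong password" so callers cannot tell the two apart.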
