Announcement Announcement Module
Collapse
No announcement yet.
LDAP for authentication then DAOProvider for authorization? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAP for authentication then DAOProvider for authorization?

    Hi, guys
    I got a suitation, all my web applications are running on WAS, right now all of them are using LDAP for authentication and authorization which means WAS auto-generate an xml for store user information.
    Add/Remove user or change roles need login WAS console as WAS admin, then restart application for taking effect...(Only username & password can found in LDAP server)
    So I think is that any possibilities for using LDAP for authentication then using DAOProvider for authorization? Do I need define my own LDAP provider or just configure it?
    Last edited by eileandour; Jul 2nd, 2008, 05:26 AM.

  • #2
    We also have a situation where we are using an LDAP for authentication, but will be using a custom DAO (stored procedure) for role based authorization. Suggestions or examples would be greatly appreciated. I already have acegi working with our LDAP, and already have the DAO done. Would like examples or suggestions on how best to wire the LDAP, and DAO into acegi.

    Comment


    • #3
      I'm still struggling with LDAP...
      I can connect with it and browser it using LDAP browser, but I can achieve password for comparision in spring security, because I don't have super admin or some higher permission to do it.
      I don't know how WAS make LDAP authentication happens, it's more like only the one who login knows the password not somebody else...
      Honestly, for me LDAP still a mystery, any ideas or advises will be appreciate.

      for wskent, maybe you can try using your own AuthoritiesPopulator instead of DefaultLdapAuthoritiesPopulator as contructor-args of LdapAuthenticationProvider.

      Comment


      • #4
        I don't really understand what you're saying about WAS. But it is very common not to be able to retrieve the password from the LDAP directory. Using the BindAuthenticator you don't need to retrieve it - the directory performs the authentication.

        Comment


        • #5
          Thanks Luke, I got wrong idea about LDAP authentication...
          I think maybe I didn't configure rightly, because no username was gained from LDAP...

          Comment


          • #6
            Everything works fine now!
            BTW, there's an UserDetailsServiceLdapAuthoritiesPopulator defined in Spring Security, so actually don't need redefine your own populator for Dao authorization.
            In this way, I don't know how namespaces configuration works, so using standard one.

            Comment

            Working...
            X