Announcement Announcement Module
Collapse
No announcement yet.
LDAP Username & Password & Custom field Authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAP Username & Password & Custom field Authentication

    Is there an LDAP example of adding an additional field to login to determine what organization url to search in?

    I want my login page to look like:
    Username
    Password
    Company

    My LDAP repository would have something like:
    company1
    person1 (uid=user1, password=password1)
    person2 (uid=user2, password=password2)
    company2
    person3 (uid=user1, password=password1)
    person4 (uid=user2, password=password2)

    Searching only on username doesn't work in this example, so I should include the company.

    Any ideas? Thanks.

  • #2
    Is there a way to dynamically generate the LDAP server url? Since the user specifies the company, I can't hard-code the root organization in the config file.
    <security:ldap-server url="ldap://<host>:<port>/o=companyA" />

    Comment


    • #3
      If there's a single LDAP server, then you should use the base URL and customize the LDAP provider and associated beans to do the searches you want, based on the supplied company information. I'd probably concatenate the username and company and implement your own custom LdapUserSearch:

      http://static.springframework.org/sp...serSearch.html

      which separates the two and does an appropriate search.

      Comment


      • #4
        Sorry, I am new to spring security and not sure what is required to implement a custom LdapUserSearch - can you expain? Is there an example you can point me to, regarding what all I need to override?
        Last edited by J Ball; Jul 17th, 2008, 11:23 AM.

        Comment


        • #5
          LdapUserSearch is an interface in the framework - check the link I posted. So you can provide your own implementation and plug it into a standard LDAP bean configuration:

          http://static.springframework.org/sp...ap-bean-config

          Where it mentions the "userSearch" bean you would use your own implementation. You will have to extend AuthenticationProcessingFilter too to handle the extra login field and concatenate it with the username.

          Comment


          • #6
            In the last link you sent it says, "...and use it by setting the authenticator's userSearch property". What does that mean? Are the beans mentioned in place of the ldap-server and ldap-authentication-provider tags?

            I tried to use information from thread titled, "How to replace form-login" (I can't post a link because of your policy on newbies) and setup my authentication processing filter, authentication provider, and authentication token but was unsuccessful.
            Last edited by J Ball; Jul 17th, 2008, 01:10 PM.

            Comment


            • #7
              Originally posted by J Ball View Post
              In the last link you sent it says, "...and use it by setting the authenticator's userSearch property". What does that mean? Are the beans mentioned in place of the ldap-server and ldap-authentication-provider tags?.
              Yes. I'd suggest you read section 10.4 and take a look at some of the source classes and Javadoc. If you really aren't familiar with using Spring beans with DI properties and using your own strategies for the supported interfaces then I'd suggest you get some external help, because you will save a lot of time.

              Comment


              • #8
                Thanks for the help - I think I am further along using the thread, http://forum.springframework.org/sho...t=57373&page=2.

                Can you comment on my error if I remove form-login, specifically how I specify "processLogin"?

                Comment

                Working...
                X