Upgrading multiple LDAP authentication providers from Acegi to Spring Security
This topic is closed

  • Upgrading multiple LDAP authentication providers from Acegi to Spring Security

    Hey, everyone!

    We've upgraded from Acegi to Spring Security 2.0.4 and I'm wondering how to express multiple LDAP providers using the new syntax.

    Here's my non-working attempt. What happens in this case is that the SECOND search is the only one that applies.

    Code:
    <security:http>
        <security:intercept-url pattern="/app/materialsRequest" access="IS_AUTHENTICATED_FULLY"/>
        <security:form-login login-page="/app/login" login-processing-url="/app/loginProcess" default-target-url="/app/materialsRequest" authentication-failure-url="/app/login?login_error=1"/>
        <security:logout logout-url="/app/logout" logout-success-url="/app/logoutSuccess"/>
    </security:http>
    <security:ldap-server url="ldap://xxx/" manager-dn="xxx" manager-password="xxx"/>
    <security:ldap-authentication-provider user-search-filter="(sAMAccountName={0})"
                                           user-search-base="cn=Users,dc=tfanet,DC=org"
                                           group-search-filter="(sAMAccountName={0})"
                                           group-role-attribute="cn"
                                           group-search-base="cn=Users,dc=tfanet,DC=org"/>
    <security:ldap-authentication-provider user-search-filter="(sAMAccountName={0})"
                                           user-search-base="ou=tfausers,dc=tfanet,DC=org"
                                           group-search-filter="(sAMAccountName={0})"
                                           group-role-attribute="cn"
                                           group-search-base="ou=tfausers,dc=tfanet,DC=org"/>

    In Acegi, it was easy to do by specifying an authentication Manager...

    Code:
    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="ldapAuthenticationProvider"/>
                <ref local="ldapAuthenticationProvider2"/>
                <ref local="ldapAuthenticationProvider3"/>
            </list>
        </property>
    </bean>

    Am I doing something really silly here or missing a key part of the new syntax? How do I specify multiple LDAP searches using the new syntax?

    Thanks for your time! I really appreciate anyone taking the time to look at this...

    -Peter

  • #2
    Yes. A current limitation of the namespace syntax is that you can only define one LDAP authentication provider using it. You can still add others as traditional beans though. Read the namespace chapter where it discusses adding custom authentication providers and look at the LDAP chapter (syntax is still the same as before).

    Feel free to open a Jira issue for an enhancement to allow multiple LDAP providers via the namespace.

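An added example, not part of the thread and not the Spring Security project's own configuration: the second search base from the first post declared as a traditional bean and registered with the namespace-created authentication manager, as reply #2 suggests. It assumes Spring Security 2.0.x class names and the `security:` prefix used in the post; the bean ids are hypothetical, the `xxx` values are the post's placeholders, and the `(member={0})` group filter is an assumed value that is not taken from the post.

```xml
<!-- Added example: second LDAP search base as a traditional bean (Spring Security 2.0.x). -->
<!-- Bean ids are hypothetical; xxx values are the placeholders used in the post. -->
<bean id="contextSource2"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://xxx/"/>
    <property name="userDn" value="xxx"/>
    <property name="password" value="xxx"/>
</bean>

<bean id="ldapAuthenticationProvider2"
      class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <!-- Adds this provider to the authentication manager created by the namespace -->
    <security:custom-authentication-provider/>
    <!-- Authenticator: find the user under the second base, then bind as that user -->
    <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <constructor-arg ref="contextSource2"/>
            <property name="userSearch">
                <bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <constructor-arg index="0" value="ou=tfausers,dc=tfanet,DC=org"/>
                    <constructor-arg index="1" value="(sAMAccountName={0})"/>
                    <constructor-arg index="2" ref="contextSource2"/>
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <!-- Authorities populator: map group entries under the same base to roles -->
    <constructor-arg>
        <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource2"/>
            <constructor-arg value="ou=tfausers,dc=tfanet,DC=org"/>
            <property name="groupRoleAttribute" value="cn"/>
            <!-- Assumed filter: {0} is the authenticated user's DN -->
            <property name="groupSearchFilter" value="(member={0})"/>
        </bean>
    </constructor-arg>
</bean>
```

With this bean in place, a single `<security:ldap-authentication-provider>` element remains for the `cn=Users` base and the second namespace element is removed.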