Announcement Announcement Module
Collapse
No announcement yet.
Writing User Details incl password in LDAP Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Writing User Details incl password in LDAP

    Greetings:

    I have been spending a bit of time trying to figure out how to support letting users change their own details (including password) and put them in and LDAP server.

    I am fine with doing authentication, and retrieving user details and role information from an LDAP server with Spring Security.

    But is it correct to say that if I want to manage users (CRUD) I should probably be looking at Spring LDAP? I've been doing that and I seem to end up with things that looke suspicously like inetOrgPerson and the associated contectMappers except that I can set attributes of the user, not just get them.

    I'm new to Spring, Spring Security, LDAP, Spring LDAP, and not trying to be lazy but I have run out of gas searching and reading.

    Ted

  • #2
    There are two implementations -- JdbcUserDetailsManager and LdapUserDetailsManager -- of the UserDetailsManager interface that are provided by the framework. Alternatively, you might look into using the spring-security-ui grails plugin.

    Comment


    • #3
      Yes, but....

      Thanks for the reply.

      LdapUserDetailsManager seemed perfect to me but all the crucial methods take a UserDetails object (I am/was using the InetOrgPerson).

      However User Details objects are immutable so I can not seem to create a new and data fill it, nor can I change an existing UserDetails so as to give it to the Manager to change the LDAP stored values.

      I also noticed that the various UserDetails implementation objects have inner Essence classes which allow setting of all the attributes I want - but I have to admit that I simply don;t understand how or if I can access the essence classes to effect changes. This may simply be a deficiency in some basic Java knowledge on my part.

      Also, my GUI is in Flash so thought he Grails UI plugin you mention is just about spot on what I need, it does not work for me....

      Thanks,

      Ted

      Comment


      • #4
        Originally posted by tmoens View Post
        LdapUserDetailsManager seemed perfect to me but all the crucial methods take a UserDetails object (I am/was using the InetOrgPerson).
        InetOrgPerson is an instance of UserDetails

        Originally posted by tmoens View Post
        However User Details objects are immutable so I can not seem to create a new and data fill it, nor can I change an existing UserDetails so as to give it to the Manager to change the LDAP stored values.

        I also noticed that the various UserDetails implementation objects have inner Essence classes which allow setting of all the attributes I want - but I have to admit that I simply don;t understand how or if I can access the essence classes to effect changes. This may simply be a deficiency in some basic Java knowledge on my part.
        Have you tried taking a look at LdapUserDetailsManagerTests? I think that should give you a good idea how to use the class.

        Comment


        • #5
          Thanks

          Yes thanks that helps and I did get it working. Does just what I need. The tests and test data sprinkled in that directory helped to demystify password policy stuff too.

          So I'm curious as to why the LDAPUserDetailsManager is not covered in the documentation or the examples. Anyway, I'm trudging away with the big green bar of happiness on my unit tests.

          Ted

          Comment


          • #6
            Glad it was helpful...sometimes tests are the best documentation there is. To be honest I am not sure why it does not exist in the samples/documentation. If you would like to see it added, you might want to log a JIRA. It then can be prioritized with the other tasks.

            Comment

            Working...
            X