LdapAuthenticationProvider : Configuring PasswordComparisonAuthenticator

[rashmi094]

Does anybody know how to configure the PasswordComparisonAuthenticator for an LDAP Authentication Provider?
My application is working pretty ok with the BindAuthenticator, but not with the PasswordComparisonAuthenticator.
I have not been able to find any documentation on how to configure PasswordComparisonAuthenticator.

[Luke Taylor]

The configuration options are basically the same as the BindAuthenticator, since they share the same base class. It has a constructor arg which takes the InitialDirContext factory and you can specify a list of patterns for the DN, or use a search to locate the user.

Use the Javadoc and/or source xref from the website to work out the config params:

http://acegisecurity.org/multiprojec...enticator.html

I'm making some changes to the LDAP code at the moment, but it shouldn't affect simple configuration of the authenticators.

[innanill]

I have the same issue and need clarification of the javadocs...
Specifically, what exactly is the passwordAttributeName for, in the PasswordComparisonAuthenticator?

Also, as a side question, should the BindAuthenticator only be used in the cases when the password stored in LDAP is not encrypted? If not, how would the BindAuthenticator know how to encrypt the passed-in clear text pw to match what's in LDAP, since it has no password-related properties?

[Luke Taylor]

The "passwordAttributeName" is the name of the attribute which stores the user's password.

should the BindAuthenticator only be used in the cases when the password stored in LDAP is not encrypted?

No. The bind authentication mechanism is independent of how the passwords are stored.