-
Aug 2nd, 2006, 07:39 AM
#1
LdapAuthenticationProvider
Hi
I'm using Active Directory to do authentication and to fetch roles from.
This is my XML:
<bean id="initialDirContextFactory"
      class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://sedc02.hm.com:3268/ou=Consultants,ou=Users,ou=se,ou=hm,dc=hm,dc=com"/>
  <property name="managerDn">
    <value>CN=Poromaa Magnus,OU=Consultants,OU=Users,OU=SE,OU=HM,DC=hm,DC=com</value>
  </property>
  <property name="managerPassword">
    <value>dat95mp5</value>
  </property>
</bean>
<bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0">
    <value></value>
  </constructor-arg>
  <constructor-arg index="1">
    <value>(sAMAccountName={0})</value>
  </constructor-arg>
  <constructor-arg index="2">
    <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <property name="searchSubtree">
    <value>true</value>
  </property>
</bean>
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg>
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <property name="userSearch">
        <ref local="userSearch"/>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg>
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <constructor-arg>
        <value></value>
      </constructor-arg>
      <property name="convertToUpperCase">
        <value>true</value>
      </property>
      <property name="rolePrefix">
        <value>ROLE_</value>
      </property>
      <property name="searchSubtree">
        <value>true</value>
      </property>
      <property name="groupSearchFilter">
        <value>(memberOf={0})</value>
      </property>
      <property name="defaultRole">
        <value>ROLE_USER</value>
      </property>
    </bean>
  </constructor-arg>
</bean>
My question is: my initialDirContextFactory points to ou=Consultants,ou=Users,ou=se,ou=hm,dc=hm,dc=com, and after successfully authenticating I need to get the memberOf attributes from the user's directory, being: cn=Magnus Poromaa,ou=Consultants,ou=Users,ou=se,ou=hm,dc=hm,dc=com
Then, looking at the DefaultLdapAuthoritiesPopulator, the second constructor argument specifies the group search base, which I have none, and the group search filter is (memberOf={0}).
Here comes the problem: how does the DefaultLdapAuthoritiesPopulator know that it should go into the user's directory cn=Poromaa Magnus to get the memberOf attributes and not stay in its parent? Also, if I specify searchSubtree=true, won't it mean that all users will get all roles from every other user?
Cheers
Magnus
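A small model of the group search asked about above, as an added example that is not part of the original post and is not Acegi code. It assumes the populator replaces {0} in groupSearchFilter with the authenticated user's DN and takes the role name from the cn of each matching entry; the directory entries, DNs and function names are constructed for illustration. It shows what each filter matches and that a subtree search stays bound to the one user's DN.

```python
# Constructed sample directory (not real data): DN -> attributes.
BASE = "dc=example,dc=com"
ALICE = "cn=Alice,ou=Users," + BASE
BOB = "cn=Bob,ou=Users," + BASE
DEV = "cn=Developers,ou=Groups," + BASE
ADM = "cn=Admins,ou=Groups," + BASE
DIRECTORY = {
    ALICE: {"cn": ["Alice"], "memberof": [DEV, ADM]},
    BOB: {"cn": ["Bob"], "memberof": [DEV]},
    DEV: {"cn": ["Developers"], "member": [ALICE, BOB]},
    ADM: {"cn": ["Admins"], "member": [ALICE]},
}

def in_scope(dn, base, subtree):
    """One-level scope: direct children of base. Subtree: any descendant."""
    parent, b = dn.split(",", 1)[1].lower(), base.lower()
    return parent == b or (subtree and parent.endswith("," + b))

def search(base, filter_template, user_dn, subtree=True):
    """DNs in scope matching a simple (attr=value) filter, with {0} -> user DN."""
    attr, value = filter_template.strip("()").split("=", 1)
    wanted = value.replace("{0}", user_dn).lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base, subtree)
            and wanted in (v.lower() for v in attrs.get(attr.lower(), []))]

def to_role(name, prefix="ROLE_"):
    return prefix + name.upper()

def roles_from_group_search(user_dn, group_filter, base=BASE, subtree=True):
    """Assumed model of a group search: role = cn of every entry the filter matches."""
    return sorted(to_role(DIRECTORY[dn]["cn"][0])
                  for dn in search(base, group_filter, user_dn, subtree))

def roles_from_member_of(user_dn):
    """Alternative: read memberOf on the user's own entry, use each group's first RDN."""
    groups = DIRECTORY[user_dn].get("memberof", [])
    return sorted(to_role(g.split(",", 1)[0].split("=", 1)[1]) for g in groups)

if __name__ == "__main__":
    for f in ("(memberOf={0})", "(member={0})"):
        print(f, roles_from_group_search(ALICE, f), roles_from_group_search(BOB, f))
    print("memberOf on user entry:", roles_from_member_of(ALICE))
```

In this model (memberOf={0}) asks for entries whose memberOf value equals the user's DN, which matches none of the user's groups, while (member={0}) returns only the groups that list that user, even with a subtree search from the root.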
-
Aug 2nd, 2006, 08:31 AM
#2
Forget it
After browsing a bit it all became clear, just forget it
Magnus