Jan 10th, 2007, 07:53 AM
Multi LDAP + local users
In my software users of my database and users of the LDAP can effect login.
However users can be of some LDAPs different.
I'm using the UserDetails/UserDetailsService to effect login of users local (my database).
How to make to effect login in some LDAP and to join with the part that already is ready?
I have a LdapUtil class, that makes authentication in all the bases of the LDAP. They think about using it inside of the method getPassword() of the UserDetails to verify password of user in the LDAP.
But inside of getPassword() I do not have password that the User typed in the form, to use in the LdapUtil and to make the verification. If he had the problem would be solved.
Feb 26th, 2007, 01:51 PM
Could you explain a little more about what you are doing and what the problem is? I'm not really sure what the question is here.
Feb 26th, 2007, 02:45 PM
I had I project that users of some LDAPs could have access, and moreover who did not have account in the LDAP was inserted in the database.
How to define the strategy of login (authenticate) of this in the ACEGI?
ACEGI supports to authenticate users in the LDAP or database depending on the type of the user?
Feb 26th, 2007, 02:58 PM
Ok, so what you are basically saying is that the users could either be in the LDAP or could be in the Database. Couldn't you just define multiple authentication providers? One for the LDAP and one for the database. If you look at the acegi-security-sample-tutorial example, it shows the use of one 'daoAuthenticationProvider'. You could simply add another to authenticate against LDAP.
Feb 26th, 2007, 03:09 PM
Ok, but how is made the choice of which authentication providers to use for user XXX? The ACEGI discovers alone? How it knows that it has that to go in the LDAP or database?
Feb 26th, 2007, 03:16 PM
Acegi will simply iterate around the authentication providers and try to authenticate against each. If you want it be more controlled, then you'd have to pass in something from the client which says what to try and authenticate against. You could then pick this up in the AuthenticationProvider and act accordingly.
Feb 26th, 2007, 06:58 PM
hmmm ok. I understood.
I can pass a parameter of form (HTML) for the AuthenticationProvider? Parameter to specify which the type of user.
Feb 27th, 2007, 02:41 AM
Of course you can. You would need to retrieve this in the filter and then store the value with the Authentication token so it gets down to the AuthenticationProvider.