Thread: LDAP authenticate and fetching attributes

  1. #1

    If I use BindAuthenticator I cannot get a particular attribute because it is not visible to the user. I can't use PasswordComparisonAuthenticator because admin does not have access to the userPassword attribute. So, I've now got

    1) bind as admin
    2) search for user
    3) bind as user

    After 2) I have all the attributes I need if the bind in 3) succeeds. How do I make these available to the authenticated context?

    Antony

  2. #2

    When BindAuthenticator.authenticate is called, it searches for the user like
    Code:
    if (user == null && getUserSearch() != null) {
        DirContextOperations userFromSearch = getUserSearch().searchForUser(username);
        user = bindWithDn(userFromSearch.getDn().toString(), username, password);
    }
    so, even if I set the returningAttributes property for the FilterBasedLdapUserSearch, it discards them immediately. Why is it possible to set this returningAttributes if it's thrown away? I tried extending the BindAuthenticator and merging the attributes, but I found that these attributes are also thrown away.

    The UserDetails (LdapUserDetailsImpl) has a getAttributes method which implies the attributes are stored, but they are not. The LdapUserDetailsMapper never sets these attributes. Should it?

    Antony

  3. #3

    In another post, Harro had the same problem. I created my own UserDetailContextsMapper, extending LdapUserDetailsMapper, but that is really messy to extend.
    Code:
        public UserDetails mapUserFromContext(DirContextOperations ctx,
                        String username, GrantedAuthority[] authorities)
        {
            // Let the standard mapper build the UserDetails first.
            UserDetails ud = super.mapUserFromContext(ctx, username, authorities);
            LdapUserDetailsImpl lud = (LdapUserDetailsImpl)ud;
            DirContextAdapter dca = (DirContextAdapter)ctx;
            // Copy every attribute from the LDAP context into the UserDetails attributes.
            Attributes atts = lud.getAttributes();
            Enumeration e = dca.getAttributes().getAll();
            while (e.hasMoreElements())
            {
                atts.put((Attribute)e.nextElement());
            }
            return ud;
        }
    just to get the LDAP attributes into the UserDetails, which I think the standard version should do anyway.

    Maybe I'm going about this the wrong way, I thought I was trying to do something quite simple, but it's been a bit of a hack as I first had to understand the relationship between all these core implementation classes...

    Antony

  4. #4

    Originally posted by adb:
        The UserDetails (LdapUserDetailsImpl) has a getAttributes method which implies the attributes are stored, but they are not. The LdapUserDetailsMapper never sets these attributes. Should it?

    Is this a bug?
