Jul 2nd, 2008, 01:52 AM
LDAP for authentication then DAOProvider for authorization?
I've got a situation: all my web applications are running on WAS, and right now all of them are using LDAP for authentication and authorization, which means WAS auto-generates an XML file for storing user information.
Adding/removing a user or changing roles requires logging in to the WAS console as WAS admin, then restarting the application for it to take effect... (Only username & password can be found in the LDAP server.)
So I'm thinking, is there any possibility of using LDAP for authentication and then using DAOProvider for authorization? Do I need to define my own LDAP provider or just configure it?
Last edited by eileandour; Jul 2nd, 2008 at 04:26 AM.
Jul 3rd, 2008, 01:47 PM
We also have a situation where we are using an LDAP for authentication, but will be using a custom DAO (stored procedure) for role-based authorization. Suggestions or examples would be greatly appreciated. I already have Acegi working with our LDAP, and already have the DAO done. Would like examples or suggestions on how best to wire the LDAP and DAO into Acegi.
Jul 3rd, 2008, 08:54 PM
I'm still struggling with LDAP...
I can connect to it and browse it using an LDAP browser, but I can't retrieve the password for comparison in Spring Security, because I don't have super admin or some higher permission to do it.
I don't know how WAS makes LDAP authentication happen; it's more like only the one who logs in knows the password, not somebody else...
Honestly, for me LDAP is still a mystery; any ideas or advice will be appreciated.
For wskent: maybe you can try using your own AuthoritiesPopulator instead of DefaultLdapAuthoritiesPopulator as the constructor-arg of LdapAuthenticationProvider.
Jul 4th, 2008, 04:54 AM
I don't really understand what you're saying about WAS. But it is very common not to be able to retrieve the password from the LDAP directory. Using the BindAuthenticator you don't need to retrieve it - the directory performs the authentication.
Jul 4th, 2008, 06:59 AM
Thanks Luke, I got the wrong idea about LDAP authentication...
I think maybe I didn't configure it correctly, because no username was obtained from LDAP...
Jul 7th, 2008, 09:27 PM
Everything works fine now!
BTW, there's a UserDetailsServiceLdapAuthoritiesPopulator defined in Spring Security, so you actually don't need to define your own populator for DAO authorization.
In this way, I don't know how the namespace configuration works, so I'm using the standard one.
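
The wiring this thread arrives at (the directory authenticates by bind, and roles come from a DAO through UserDetailsServiceLdapAuthoritiesPopulator), shown as an added example that is not part of any post above. It assumes current Spring Security package names rather than the 2008 ones, a hypothetical RoleDao interface supplied as a bean elsewhere, and a placeholder LDAP URL and DN pattern.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;

@Configuration
public class LdapBindWithDaoRolesConfig {

    /** Hypothetical DAO: role names for a login, e.g. backed by a stored procedure. */
    public interface RoleDao {
        List<String> findRoles(String username);
    }

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        // Placeholder URL; no manager DN/password is configured here.
        return new DefaultSpringSecurityContextSource("ldaps://ldap.example.com:636/dc=example,dc=com");
    }

    @Bean
    public LdapAuthenticationProvider ldapAuthProvider(DefaultSpringSecurityContextSource ctx, RoleDao roleDao) {
        // Authentication: bind to the directory as the user. The application never
        // reads the stored password, so no privileged directory account is needed.
        BindAuthenticator bind = new BindAuthenticator(ctx);
        bind.setUserDnPatterns(new String[] {"uid={0},ou=people"}); // placeholder pattern

        // Authorization: the populator only calls getAuthorities() on the result.
        UserDetailsService roleLookup = username -> {
            List<String> roles = roleDao.findRoles(username);
            if (roles == null || roles.isEmpty()) {
                // Design choice in this example: a directory account with no
                // application roles is rejected rather than logged in without roles.
                throw new UsernameNotFoundException("No application roles for " + username);
            }
            // The password field is never checked on this path; the bind already did that.
            return new User(username, "unused",
                    AuthorityUtils.createAuthorityList(roles.toArray(new String[0])));
        };
        return new LdapAuthenticationProvider(bind,
                new UserDetailsServiceLdapAuthoritiesPopulator(roleLookup));
    }
}
```

Because roles are read from the DAO at each login, a role change takes effect at the user's next authentication without touching the directory or restarting the application.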