
Thread: LDAP Username & Password & Custom field Authentication

  1. #1
    Join Date
    May 2007
    Posts
    6

    Is there an LDAP example of adding an additional field to login to determine what organization url to search in?

    I want my login page to look like:
    Username
    Password
    Company

    My LDAP repository would have something like:
    company1
        person1 (uid=user1, password=password1)
        person2 (uid=user2, password=password2)
    company2
        person3 (uid=user1, password=password1)
        person4 (uid=user2, password=password2)

    Searching only on username doesn't work in this example, so I should include the company.

    Any ideas? Thanks.

  2. #2
    Join Date
    May 2007
    Posts
    6

    Is there a way to dynamically generate the LDAP server url? Since the user specifies the company, I can't hard-code the root organization in the config file.
    <security:ldap-server url="ldap://<host>:<port>/o=companyA" />

  3. #3
    Luke Taylor, Senior Member (Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    If there's a single LDAP server, then you should use the base URL and customize the LDAP provider and associated beans to do the searches you want, based on the supplied company information. I'd probably concatenate the username and company and implement your own custom LdapUserSearch:

    http://static.springframework.org/sp...serSearch.html

    which separates the two and does an appropriate search.

  4. #4

    Sorry, I am new to Spring Security and not sure what is required to implement a custom LdapUserSearch - can you explain? Is there an example you can point me to, regarding what all I need to override?
    Last edited by J Ball; Jul 17th, 2008 at 11:23 AM.

  5. #5
    Luke Taylor, Senior Member (Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    LdapUserSearch is an interface in the framework - check the link I posted. So you can provide your own implementation and plug it into a standard LDAP bean configuration:

    http://static.springframework.org/sp...ap-bean-config

    Where it mentions the "userSearch" bean you would use your own implementation. You will have to extend AuthenticationProcessingFilter too to handle the extra login field and concatenate it with the username.
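
The approach described in this thread, as an added example that is not code from the thread or from the Spring Security project: a custom LdapUserSearch that splits a combined "username|company" login and searches only beneath that company's o= entry, treating the company field as untrusted input. The class name, the "|" separator, the company allow-list pattern and the uid filter are assumptions, and the imports use the package names of Spring Security 3 and later.

```java
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.Rdn;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.search.LdapUserSearch;

/** Hypothetical LdapUserSearch for logins submitted as "username|company". */
public class CompanyScopedLdapUserSearch implements LdapUserSearch {
    static final char SEPARATOR = '|'; // assumed; the login filter must join with the same character
    // Allow-list for the company field, so it can never carry DN or filter syntax.
    private static final Pattern COMPANY = Pattern.compile("[A-Za-z0-9][A-Za-z0-9_-]{0,63}");
    private final SpringSecurityLdapTemplate template;

    public CompanyScopedLdapUserSearch(ContextSource contextSource) {
        template = new SpringSecurityLdapTemplate(contextSource);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        template.setSearchControls(controls);
    }

    @Override
    public DirContextOperations searchForUser(String combined) {
        int cut = combined.lastIndexOf(SEPARATOR);
        String uid = cut < 0 ? "" : combined.substring(0, cut);
        String company = combined.substring(cut + 1);
        if (uid.isEmpty() || !COMPANY.matcher(company).matches()) {
            throw new UsernameNotFoundException("User not found");
        }
        try {
            // Rdn escapes the value for use in a DN; uid is passed as a filter argument, not concatenated.
            String base = new Rdn("o", company).toString();
            return template.searchForSingleEntry(base, "(uid={0})", new String[] { uid });
        } catch (InvalidNameException | NameNotFoundException e) {
            // Unknown company: same answer as unknown user, so the form does not enumerate companies.
            throw new UsernameNotFoundException("User not found");
        } catch (IncorrectResultSizeDataAccessException e) {
            if (e.getActualSize() == 0) {
                throw new UsernameNotFoundException("User not found");
            }
            throw e; // more than one match inside one company is a directory problem
        }
    }
}
```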

  6. #6

    In the last link you sent it says, "...and use it by setting the authenticator's userSearch property". What does that mean? Are the beans mentioned in place of the ldap-server and ldap-authentication-provider tags?

    I tried to use information from the thread titled "How to replace form-login" (I can't post a link because of your policy on newbies) and set up my authentication processing filter, authentication provider, and authentication token, but was unsuccessful.
    Last edited by J Ball; Jul 17th, 2008 at 01:10 PM.

  7. #7
    Luke Taylor, Senior Member (Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Originally posted by J Ball:
    In the last link you sent it says, "...and use it by setting the authenticator's userSearch property". What does that mean? Are the beans mentioned in place of the ldap-server and ldap-authentication-provider tags?

    Yes. I'd suggest you read section 10.4 and take a look at some of the source classes and Javadoc. If you really aren't familiar with using Spring beans with DI properties and using your own strategies for the supported interfaces then I'd suggest you get some external help, because you will save a lot of time.

  8. #8

    Thanks for the help - I think I am further along using the thread, http://forum.springframework.org/sho...t=57373&page=2.

    Can you comment on my error if I remove form-login, specifically how I specify "processLogin"?
