Jul 15th, 2008, 04:00 PM
LDAP Username & Password & Custom field Authentication
Is there an LDAP example of adding an additional field to login to determine what organization url to search in?
I want my login page to look like:
My LDAP repository would have something like:
person1 (uid=user1, password=password1)
person2 (uid=user2, password=password2)
person3 (uid=user1, password=password1)
person4 (uid=user2, password=password2)
Searching only on username doesn't work in this example, so I should include the company.
Any ideas? Thanks.
Jul 16th, 2008, 01:22 PM
Is there a way to dynamically generate the LDAP server url? Since the user specifies the company, I can't hard-code the root organization in the config file.
<security:ldap-server url="ldap://<host>:<port>/o=companyA" />
Jul 17th, 2008, 06:52 AM
If there's a single LDAP server, then you should use the base URL and customize the LDAP provider and associated beans to do the searches you want, based on the supplied company information. I'd probably concatenate the username and company and implement your own custom LdapUserSearch:
which separates the two and does an appropriate search.
Jul 17th, 2008, 10:30 AM
Sorry, I am new to spring security and not sure what is required to implement a custom LdapUserSearch - can you expain? Is there an example you can point me to, regarding what all I need to override?
Last edited by J Ball; Jul 17th, 2008 at 11:23 AM.
Jul 17th, 2008, 11:33 AM
LdapUserSearch is an interface in the framework - check the link I posted. So you can provide your own implementation and plug it into a standard LDAP bean configuration:
Where it mentions the "userSearch" bean you would use your own implementation. You will have to extend AuthenticationProcessingFilter too to handle the extra login field and concatenate it with the username.
Jul 17th, 2008, 12:26 PM
In the last link you sent it says, "...and use it by setting the authenticator's userSearch property". What does that mean? Are the beans mentioned in place of the ldap-server and ldap-authentication-provider tags?
I tried to use information from thread titled, "How to replace form-login" (I can't post a link because of your policy on newbies) and setup my authentication processing filter, authentication provider, and authentication token but was unsuccessful.
Last edited by J Ball; Jul 17th, 2008 at 01:10 PM.
Jul 17th, 2008, 01:20 PM
Yes. I'd suggest you read section 10.4 and take a look at some of the source classes and Javadoc. If you really aren't familiar with using Spring beans with DI properties and using your own strategies for the supported interfaces then I'd suggest you get some external help, because you will save a lot of time.
Originally Posted by J Ball
Jul 17th, 2008, 05:37 PM
Thanks for the help - I think I am further along using the thread, http://forum.springframework.org/sho...t=57373&page=2.
Can you comment on my error if I remove form-login, specifically how I specify "processLogin"?