Adding users to ldap

[Taariq]

Hi

There are simple samples to authenticate, but even the Spring Security book doesn't go beyond this.
My requirement is to also add new users to ldap, are there any docs or tutorials on this?
Or hints to get started?

I'm using spring-security 3.0, some unit tests would also be great that does bind, unbind etc using the new classes.

[Marten Deinum]

Spring security is about securing your application, it is not a user management tool. So how y ou go about with this is basically depending on your project, structure, data etc not something spring security will fix for you.

You are using LDAP so I suggest checking spring ldap (which btw also has some samples in the reference guide).

[Taariq]

Ah, this makes more sense, thank you.

To ensure I understand correctly, I will design a user management system that uses spring-ldap only for authentication, and included in that is to add new users to Spring's registry via LdapTemplate.bind after I have actually authorized and added them to the LDAP directory by some other java means.
Right?

[Marten Deinum]

Not sure if I understand your explanation....

You can still (and should) use Spring Security with its ldap configuration to handle all the authentication and authorization, that actually doesn't change. The only thing you need to do is to write something that inserts/updates users in LDAP. You don't really have to change/modify spring security for that.

For the latter you can use Spring LDAP (which also explains this in its reference guide).

[Taariq]

Not sure if I understand your explanation....

You can still (and should) use Spring Security with its ldap configuration to handle all the authentication and authorization, that actually doesn't change. The only thing you need to do is to write something that inserts/updates users in LDAP. You don't really have to change/modify spring security for that.

For the latter you can use Spring LDAP (which also explains this in its reference guide).

Oh, what I meant was that I'd have some code outside of Spring LDAP that inserts/updates users, but also the job of that subsystem is to call Spring LDAP methods such as LdapTemplate.bind(...) whose javadoc says it's to "Create an entry in the LDAP tree."

So now I picture this LDAP tree as something Spring built up from the config during initialisation, and after that it doesn't poll for changes or anything, it relies on me to use bind after the code that does the insert/update.

[Marten Deinum]

Bind put the user in there, would be pretty useless if it didn't would it now...