Thread: Adding users to ldap

  1. #1
    Join Date
    Oct 2009
    Posts
    23

    Adding users to ldap

    Hi

    There are simple samples to authenticate, but even the Spring Security book doesn't go beyond this.
    My requirement is to also add new users to ldap, are there any docs or tutorials on this?
    Or hints to get started?

    I'm using spring-security 3.0; some unit tests that do bind, unbind etc. using the new classes would also be great.
    Last edited by Taariq; Aug 12th, 2010 at 12:19 AM. Reason: Additional information

  2. #2
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,629

    Spring Security is about securing your application, it is not a user management tool. So how you go about this basically depends on your project, structure, data etc., not something Spring Security will fix for you.

    You are using LDAP so I suggest checking spring ldap (which btw also has some samples in the reference guide).
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author


    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan

  3. #3
    Join Date
    Oct 2009
    Posts
    23

    Ah, this makes more sense, thank you.

    To ensure I understand correctly, I will design a user management system that uses spring-ldap only for authentication, and included in that is to add new users to Spring's registry via LdapTemplate.bind after I have actually authorized and added them to the LDAP directory by some other java means.
    Right?

  4. #4
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,629

    Not sure if I understand your explanation....

    You can still (and should) use Spring Security with its ldap configuration to handle all the authentication and authorization, that actually doesn't change. The only thing you need to do is to write something that inserts/updates users in LDAP. You don't really have to change/modify spring security for that.

    For the latter you can use Spring LDAP (which also explains this in its reference guide).

  5. #5
    Join Date
    Oct 2009
    Posts
    23

    Quote: Originally Posted by Marten Deinum
    Not sure if I understand your explanation....

    You can still (and should) use Spring Security with its ldap configuration to handle all the authentication and authorization, that actually doesn't change. The only thing you need to do is to write something that inserts/updates users in LDAP. You don't really have to change/modify spring security for that.

    For the latter you can use Spring LDAP (which also explains this in its reference guide).
    Oh, what I meant was that I'd have some code outside of Spring LDAP that inserts/updates users, but also the job of that subsystem is to call Spring LDAP methods such as LdapTemplate.bind(...) whose javadoc says it's to "Create an entry in the LDAP tree."

    So now I picture this LDAP tree as something Spring built up from the config during initialisation, and after that it doesn't poll for changes or anything, it relies on me to use bind after the code that does the insert/update.

  6. #6
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,629

    Bind puts the user in there, would be pretty useless if it didn't, would it now...

  7. #7
    Join Date
    Oct 2009
    Posts
    23

    Quote: Originally Posted by Marten Deinum
    Bind puts the user in there, would be pretty useless if it didn't, would it now...
    Hehe, yes that would be pretty useless, and that's what I understood originally and confused myself along the lines.

    So then back to my original question, if bind puts it there, and I confirmed this with code, and with previous release I can use ParameterizedContextMapper to find all "Person" objects for instance, then what does one do in 3.0.3?

    There is no longer SimpleLdapTemplate, now there's SpringSecurityLdapTemplate, and this does not take ParameterizedContextMapper.

    The old code would work this way...
    Code:
    public List<Person> findAll() {
        // Match every entry whose objectclass is "person"
        EqualsFilter filter = new EqualsFilter("objectclass", "person");
        return ldapTemplate.search(DistinguishedName.EMPTY_PATH,
                filter.encode(), getContextMapper());
    }

    protected ParameterizedContextMapper<Person> getContextMapper() {
        return new PersonContextMapper();
    }

    // SNIP

    // Maps one LDAP entry to a Person object
    private class PersonContextMapper implements ParameterizedContextMapper<Person> {
        public Person mapFromContext(Object ctxt) {
            DirContextAdapter context = (DirContextAdapter) ctxt;
            Person person = new Person();

            person.setCommonName(context.getStringAttribute("cn"));
            person.setEncPassword(context.getObjectAttribute("userPassword"));
            person.setDistName(context.getNameInNamespace());
            person.setUid(context.getStringAttribute("uid"));
            person.setFirstName(context.getStringAttribute("givenName"));
            person.setLastName(context.getStringAttribute("sn"));
            person.setCountry(context.getStringAttribute("l"));
            person.setMail(context.getStringAttribute("mail"));
            person.setDescription(context.getStringAttribute("description"));
            person.setCompany(context.getStringAttribute("o"));
            person.setEmployeeNumber(context.getStringAttribute("employeeNumber"));

            return person;
        }
    }

  8. #8
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,629

    I suggest a read of the spring ldap documentation... And don't use the SpringSecurityLdapTemplate because that is for use with Spring Security only; if you want to use spring ldap, use those classes, which still have the SimpleLdapTemplate...

    I strongly suggest to read the ldap documentation and api docs.

  9. #9
    Join Date
    Oct 2009
    Posts
    23

    I admit I have been skimming over the reference guides when more than that is needed.
    Thanks for your help.
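
Added example, not part of the original thread and not code from the Spring LDAP project: a sketch of the "write something that inserts users in LDAP" step discussed above, using the Spring LDAP 1.3-era classes that the thread's own code uses (DistinguishedName, DirContextAdapter, bind). The class name LdapUserProvisioner, the people base, the uid pattern and the inetOrgPerson attribute set are assumptions made for illustration.

```java
import java.util.regex.Pattern;

import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapOperations;

/** Hypothetical helper: creates inetOrgPerson entries through Spring LDAP. */
public class LdapUserProvisioner {

    // Assumed naming policy for this sketch: short, lowercase account names only.
    private static final Pattern UID = Pattern.compile("[a-z][a-z0-9._-]{1,31}");

    private final LdapOperations ldap;   // e.g. an LdapTemplate bean
    private final String peopleBase;     // assumed layout, e.g. "ou=people"

    public LdapUserProvisioner(LdapOperations ldap, String peopleBase) {
        this.ldap = ldap;
        this.peopleBase = peopleBase;
    }

    /** Builds the entry DN; add() escapes the value, unlike string concatenation. */
    static DistinguishedName dnFor(String peopleBase, String uid) {
        if (uid == null || !UID.matcher(uid).matches()) {
            throw new IllegalArgumentException("uid rejected by naming policy");
        }
        DistinguishedName dn = new DistinguishedName(peopleBase);
        dn.add("uid", uid);
        return dn;
    }

    /** Creates the entry; the DN is relative to the ContextSource base. */
    public DistinguishedName create(String uid, String givenName, String sn, String mail) {
        DistinguishedName dn = dnFor(peopleBase, uid);
        DirContextAdapter entry = new DirContextAdapter(dn);
        entry.setAttributeValues("objectclass",
                new String[] {"top", "person", "organizationalPerson", "inetOrgPerson"});
        entry.setAttributeValue("uid", uid);
        entry.setAttributeValue("cn", givenName + " " + sn);
        entry.setAttributeValue("givenName", givenName);
        entry.setAttributeValue("sn", sn);
        entry.setAttributeValue("mail", mail);
        // Design choice of this sketch: no userPassword is written here;
        // the credential is set in a separate step.
        ldap.bind(dn, entry, null);  // NameAlreadyBoundException if the uid exists
        return dn;
    }
}
```

Spring Security's LDAP authentication configuration stays unchanged; this class only writes entries, so the account the LdapTemplate binds as needs create rights on the people subtree and nothing broader.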
