Oct 5th, 2010, 11:49 PM
Writing User Details incl password in LDAP
I have been spending a bit of time trying to figure out how to support letting users change their own details (including password) and put them in an LDAP server.
I am fine with doing authentication, and retrieving user details and role information from an LDAP server with Spring Security.
But is it correct to say that if I want to manage users (CRUD) I should probably be looking at Spring LDAP? I've been doing that and I seem to end up with things that look suspiciously like inetOrgPerson and the associated contextMappers except that I can set attributes of the user, not just get them.
I'm new to Spring, Spring Security, LDAP, Spring LDAP, and not trying to be lazy but I have run out of gas searching and reading.
Oct 6th, 2010, 09:09 AM
There are two implementations -- JdbcUserDetailsManager and LdapUserDetailsManager -- of the UserDetailsManager interface that are provided by the framework. Alternatively, you might look into using the spring-security-ui grails plugin.
Oct 6th, 2010, 10:32 AM
Thanks for the reply.
LdapUserDetailsManager seemed perfect to me but all the crucial methods take a UserDetails object (I am/was using the InetOrgPerson).
However UserDetails objects are immutable so I cannot seem to create a new one and fill it with data, nor can I change an existing UserDetails so as to give it to the Manager to change the LDAP stored values.
I also noticed that the various UserDetails implementation objects have inner Essence classes which allow setting of all the attributes I want - but I have to admit that I simply don't understand how or if I can access the Essence classes to effect changes. This may simply be a deficiency in some basic Java knowledge on my part.
Also, my GUI is in Flash so though the Grails UI plugin you mention is just about spot on what I need, it does not work for me....
Oct 6th, 2010, 01:29 PM
InetOrgPerson is an instance of UserDetails
Have you tried taking a look at LdapUserDetailsManagerTests? I think that should give you a good idea how to use the class.
Oct 6th, 2010, 09:32 PM
Yes thanks that helps and I did get it working. Does just what I need. The tests and test data sprinkled in that directory helped to demystify password policy stuff too.
So I'm curious as to why the LdapUserDetailsManager is not covered in the documentation or the examples. Anyway, I'm trudging away with the big green bar of happiness on my unit tests.
Oct 7th, 2010, 12:36 AM
Glad it was helpful...sometimes tests are the best documentation there is. To be honest I am not sure why it does not exist in the samples/documentation. If you would like to see it added, you might want to log a JIRA. It then can be prioritized with the other tasks.
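The approach the thread settles on, building a UserDetails through the inner Essence class and handing it to LdapUserDetailsManager, sketched as an added example (not code from any poster or from the Spring Security samples). The class name `LdapAccountService`, its method names, and the `ou=people` / `ou=groups` / `uid` directory layout are assumptions.

```java
import org.springframework.ldap.core.ContextSource;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapUsernameToDnMapper;
import org.springframework.security.ldap.userdetails.InetOrgPerson;
import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
import org.springframework.security.ldap.userdetails.LdapUserDetailsManager;

/** Hypothetical helper: user self-service on top of LdapUserDetailsManager. */
public class LdapAccountService {
    // Assumed layout: user entries at uid=<name>,ou=people; groups under ou=groups.
    private final LdapUsernameToDnMapper dnMapper =
            new DefaultLdapUsernameToDnMapper("ou=people", "uid");
    private final LdapUserDetailsManager manager;

    public LdapAccountService(ContextSource contextSource) {
        manager = new LdapUserDetailsManager(contextSource);
        manager.setUsernameMapper(dnMapper);
        manager.setGroupSearchBase("ou=groups");
        // Read and write entries as InetOrgPerson instead of the default mapping.
        manager.setUserDetailsMapper(new InetOrgPersonContextMapper());
    }

    public void register(String uid, String fullName, String surname,
                         String mail, String password) {
        // UserDetails is immutable, so fill a mutable Essence and build from it.
        InetOrgPerson.Essence essence = new InetOrgPerson.Essence();
        essence.setUid(uid);
        essence.setUsername(uid);
        // Let the mapper build the DN so the uid is escaped, not concatenated.
        essence.setDn(dnMapper.buildDn(uid));
        essence.setCn(new String[] { fullName });
        essence.setSn(surname);
        essence.setMail(mail);
        // Written to userPassword as supplied: hash it first unless the
        // directory is configured to hash on write.
        essence.setPassword(password);
        manager.createUser(essence.createUserDetails());
    }

    public void changeMail(String uid, String newMail) {
        // Copy the stored entry into a new Essence, change one field, write back.
        InetOrgPerson current = (InetOrgPerson) manager.loadUserByUsername(uid);
        InetOrgPerson.Essence essence = new InetOrgPerson.Essence(current);
        essence.setMail(newMail);
        manager.updateUser(essence.createUserDetails());
    }

    public void changeOwnPassword(String oldPassword, String newPassword) {
        // Applies to the principal currently held in the SecurityContextHolder.
        manager.changePassword(oldPassword, newPassword);
    }
}
```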