Thank you for your answer.
In fact it looks like the V1 code works fine with AD. Just a quick note about what we have learnt.
Other than authenticating using the traditional LDAP DN name (CN=John Doe,DC=acme,DC=com), AD simple authentication accepts by default the domain\sAMAccount name, which stands for pre-Windows 2000 accounts.
We just need to set rootContext to something like dc=acme,dc=com, and the userContext to just {0}.
In my setting, I am just appending the rootContext to the URL, getting something like ldap://ldap.acme.com:389/dc=acme,dc=com
In our project, we do not need any roles from AD, then once we authenticate, we get them from our own repository. But searching the roles within LDAP attributes works fine too.
In another line, regarding your option 2, yes, I would appreciate it if you can send me Joseph's code to see if I can add something to it.
Cheers,
Gus.
On 7/26/05, Robert r. Sanders <[EMAIL PROTECTED]> wrote:
Gustavo,
Currently my main computer is down, so I don't have all my normal links and stuff, which would help me answer a little better; but here goes.
I've never used Active Directory, but my understanding is that the "standard" setup I have been using for my tests does not account for it. I know of 2 proposed changes to address this:
1. The first is checked into the sandbox under the branch name "ldap_refactor_07-20-2005"
http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/sandbox/src/main/java/net/sf/acegisecurity/providers/dao/ldap/?>
- The issues with it are: AD only solution (not general to LDAP); requires the Netscape LDAP classes, which are open source, but are not widely used or available.
2. The other is Joseph's alterations to my v2 code, which I never got around to committing as I was convinced I could refactor what I had to be much cleaner than it was. I can send you a copy of Joseph's code if you want.
I am still trying to finish a general LDAP solution that included proper support for AD style setups; but it seems that every time I think I'm going to have the time something else comes up at the last minute.
Gustavo Faerman wrote:
Robert,
In our current scenario, we are using the ldap V1 authentication class and it is working fine authenticating against MS AD. Now, in this particular AD, a typical CN for a user is CN=Gustavo E. Faerman. Using this as the user name works fine. It happens users use the domain\samaccountname style to login, then they mostly do not know their full name.
I do not quite get how to configure the userContext to use the samaccountname. I have tested the domain\samaccountname with 3rd party LDAP browsers and they work fine.
Any hints/tips?
Thanks in advance,
Gustavo.
On 6/25/05, Gustavo Faerman <[EMAIL PROTECTED]> wrote:
Robert and Joseph,
I'm looking at the LdapPasswordAuthenticationDao (R2).
Any chance you can just share here your Spring beans XML files for basic ldapSupport and UserSearchBean classes? Just need to set up a quick test here.
Or any code where you just use these classes. Does not need to be production quality code. Just to move forward.
Thanks in advance,
Gustavo.
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net