Hi,
I am going to start today writing an implementation of the delegation of
authentication. Once I have written something that works, I will
attach my code to JIRA [1].
I plan to use the JNDIRealm [2] [3] of Tomcat as a reference to know how
to configure and implement the delegation of authentication.
Funny, I thought that perhaps there was a magic LDAP API to know whether
a password is valid and it turns out that JNDIRealm actually binds the
user to the target LDAP server to find out whether his/her credentials
are valid.
What would be the steps to implement this? I guess I should start by
listing the attributes needed to do this delegation of authentication,
then create a new object class in the adsconfig schema, for instance
adsAuthDelegation, and the corresponding attribute types, for instance
adsAuthDelegationURL.
Then write a new bean class to hold the connection parameters for the
delegation of authentication.
Does the adsAuthDelegation fit in the DIT under adsLdapServer?
Regards,
Antoine
[1] https://issues.apache.org/jira/browse/DIRSERVER-1422
[2] http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm
[3] https://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
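
The bind-based credential check described in the message, as an added example that is not code from the original post, from ApacheDS or from Tomcat's JNDIRealm. The class name `BindDelegator`, the server URL and the user DN are hypothetical; the sketch uses only the standard JNDI LDAP provider and assumes the user's DN has already been resolved.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/** Hypothetical helper: validates credentials by binding to a remote LDAP server. */
public class BindDelegator {
    private final String url; // target server; simple bind sends the password in clear, so use ldaps://

    public BindDelegator(String url) { this.url = url; }

    /** Returns true only if the target server accepts a simple bind as userDn. */
    public boolean authenticate(String userDn, String password) throws NamingException {
        // RFC 4513 section 5.1.2: a simple bind with a DN and an empty password is an
        // "unauthenticated" bind that a server may accept, so it must never be forwarded.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "ignore"); // do not chase referrals with the user's password
        // Bound the time a slow or unreachable target can hold an authentication thread.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // connecting performs the bind
            return true;
        } catch (AuthenticationException e) {
            return false; // the target rejected the credentials
        } finally {
            if (ctx != null) ctx.close();
        }
        // Any other NamingException (server down, TLS failure) propagates, so an
        // outage is reported as an error and not confused with a wrong password.
    }

    public static void main(String[] args) throws NamingException {
        BindDelegator d = new BindDelegator("ldaps://ldap.example.test:636"); // constructed URL
        // Empty password: refused locally, no connection to the target is attempted.
        System.out.println(d.authenticate("uid=alice,ou=people,dc=example,dc=test", ""));
    }
}
```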