On 11/19/2010 4:41 AM, Emmanuel Lecharny wrote:
Hi guys,
yesterday, we had an interesting convo with Antoine, about the
definition of a dedicated Authenticator, and how to configure it.
First, the Authenticator interface can be implemented but it's
probably a better idea to extend the AbstractAuthenticator, as it
brings some references to the underlying DirectoryService for free,
plus some default implementations to init and dispose the
Authenticator. One thing to take care of is the PasswordPolicy which
can be enabled or disabled. We have to determine the best way to
deal with this service.

Thanks, will extend AbstractAuthenticator then.

Another aspect is the Authenticator configuration: how to inject it
and have it available when the server is stopped and restarted? The
solution is probably to extend the existing configuration, which is
based on the DIT. That means defining a specific Bean, plus the
associated OC and AT. We have to think about it, and I would suggest
we try to write a prototype that demonstrates the way to extend the
configuration. It has to be documented, as the Authenticator is an
extension point.

I need to configure at least the host and the port to which the
delegation happens. The class name of the new authenticator will be
org.apache.directory.server.core.authn.DelegatingAuthenticator. My DN
where I work is CN=Antoine Lambert, OU=132, OU=Users, OU=NYCSite,
DC=nyc,DC=com.
Maybe the DelegatingAuthenticator could work optionally with DN patterns.

I'm pretty sure it's not such a big deal, but we need time, and we
have little :) I would suggest we follow closely Antoine's effort and
try to leverage what he is doing to improve the server *and* the
documentation...
Thanks!

Thanks too,
Antoine