Hi there, I'm trying to work out what is needed to implement a new authenticator within ApacheDS. The reason for this is that we have a legacy user system which we're unable to migrate.
I've looked at quite a few websites and I think that the process would be as follows:

1) Add an extra authenticator entry under ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors
   This would need to be the last authenticator used, to ensure that the LDAP DIT is checked first and, if the user is not found, the legacy system is checked next.

2) Create the code that will pass the provided username / password to the external system and pass back a success or failure condition.

Furthermore, how will the password policy be used? For example, if the legacy user attempts to log in and supplies the incorrect password 3 times and locks his account in the legacy system, how will the authenticator / LDAP system handle that? Does its own password policy come into play or is it completely ignored?

I've found the DelegatingAuthenticator example code, but if I were to use that, what would the entry look like in the DIT?

Regards
Paul
