[
https://issues.apache.org/jira/browse/DIRSERVER-1422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17234972#comment-17234972
]
Ryan edited comment on DIRSERVER-1422 at 11/18/20, 7:51 PM:
------------------------------------------------------------
I just went through the exercise of configuring this Authenticator
(DelegatingAuthenticator) using java directly. A couple of things to consider
when working with this:
1) The baseDn needs to be schema aware:
!image-2020-11-18-09-39-54-164.png|width=257,height=97!
I was passing in a simple new Dn("dc=com") value that was failing to trigger
the authenticator. You need:
new Dn(service.getSchemaManager(),"dc=com");
The static const referenced here, threw me off a bit:
!image-2020-11-18-09-42-29-147.png!
Line 217 of Dn.class
2) I was puzzled, initially, if this authenticator actually needed an entry in
ApacheDs to enable this feature. Indeed, it does, which is a good thing, I see
looking forward, with my particular usage, at enabling attaching role
information to these users in ApacheDs where authentication is handled
'upstream'.
was (Author: ryanrolland):
I just went through the exercise of configuring this Authenticator
(DelegatingAuthenticator) using java directly. A couple of things to consider
when working with this:
1) The baseDn needs to be schema aware:
!image-2020-11-18-09-39-54-164.png|width=257,height=97!
I was passing in a simple new Dn("dc=com") value that was failing to trigger
the authenticator. You need:
new Dn(service.getSchemaManager(),"dc=com");
The static const referenced here threw me off a bit:
!image-2020-11-18-09-42-29-147.png!
Line 217 of Dn.class
2) I was puzzled, initially, if this authenticator actually needed an entry in
ApacheDs to enable this feature. Indeed, it does, which is a good thing, I see
looking forward, with my particular usage, at enabling attaching role
information to these users in ApacheDs where authentication is handled
'upstream'.
> Delegation of Authentication
> ----------------------------
>
> Key: DIRSERVER-1422
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1422
> Project: Directory ApacheDS
> Issue Type: New Feature
> Components: authn
> Affects Versions: 1.5.5
> Reporter: Bryce Nordgren
> Priority: Major
> Fix For: 2.0.0.AM26
>
> Attachments: image-2020-11-18-09-39-54-164.png,
> image-2020-11-18-09-42-29-147.png
>
>
> Implement the "Delegation of Authentication" feature as described here:
> [https://cwiki.apache.org/confluence/display/DIRxSRVx11/Delegation+of+Authentication].
>
> It is currently unknown as to whether this feature could be implemented
> rather simply as a custom authenticator, or whether this implementation would
> require virtual attributes (described by ticket #1067.)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
