[ https://issues.apache.org/jira/browse/KNOX-242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14002668#comment-14002668 ]
ASF subversion and git services commented on KNOX-242:
------------------------------------------------------
Commit a4383ec24c38c16f406255e77248daec32308242 in knox's branch
refs/heads/master from [~darumugam]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=a4383ec ]
KNOX-375: add functional test for KNOX-242 find client bind dn using ldapsearch
> knox needs to support basedn, search attribute based LDAP authentication
> -------------------------------------------------------------------------
>
> Key: KNOX-242
> URL: https://issues.apache.org/jira/browse/KNOX-242
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Dilli Arumugam
> Assignee: Dilli Arumugam
>
> To set the context, here is the authentication provider specification in a
> Knox topology file:
> <provider>
>     <role>authentication</role>
>     <enabled>true</enabled>
>     <name>ShiroProvider</name>
>     <param>
>         <name>main.ldapRealm</name>
>         <value>org.apache.shiro.realm.ldap.JndiLdapRealm</value>
>     </param>
>     <param>
>         <name>main.ldapRealm.userDnTemplate</name>
>         <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
>     </param>
>     <param>
>         <name>main.ldapRealm.contextFactory.url</name>
>         <value>ldap://localhost:33389</value>
>     </param>
>     <param>
>         <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
>         <value>simple</value>
>     </param>
>     <param>
>         <name>urls./**</name>
>         <value>authcBasic</value>
>     </param>
> </provider>
> This allows configurable userDnTemplate to infer the bindDN based on the
> authenticating user name.
> However, in enterprise use cases, it is not always possible to infer bindDN
> based on authenticating username using a template like this.
> We have to do a search in the directory based on the userName mapped to a
> configurable attribute name to find the userDN. This means, we should add
> at least one additional configuration parameter such as
> userSearchTemplate.
> An example value for userSearchTemplate
> (&(uid={0})(objectclass=inetorgperson))
> BaseDN for search can be specified as part of
> contextFactory.url
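Added example (not part of the original message and not Knox's own code): a Python sketch of the search-based lookup the issue asks for, showing the login name being escaped per RFC 4515 before it replaces {0} in userSearchTemplate, and the bind DN being accepted only when the search returns exactly one entry. The function names, the `search` callback and the base DN appended to the URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515: characters that must be escaped inside a search filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Template from the issue; the base DN in the URL path is constructed for this example.
TEMPLATE = "(&(uid={0})(objectclass=inetorgperson))"
URL = "ldap://localhost:33389/ou=people,dc=hadoop,dc=apache,dc=org"


def escape_filter_value(value):
    """Escape a login name so it is matched literally, never parsed as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template, username):
    """Substitute the escaped login name for {0} in a userSearchTemplate."""
    if not username:
        raise ValueError("empty user name")
    return template.replace("{0}", escape_filter_value(username))


def base_dn_from_url(url):
    """Return the base DN carried in the path of an LDAP URL ('' if absent)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: " + url)
    return unquote(parts.path.lstrip("/"))


def find_bind_dn(search, url, template, username):
    """Resolve the DN to bind as. `search(base_dn, filter)` is a hypothetical
    callback returning the DNs of matching entries (e.g. wrapping an LDAP client)."""
    matches = search(base_dn_from_url(url), build_search_filter(template, username))
    if len(matches) != 1:  # zero or ambiguous results must fail authentication
        raise LookupError("expected exactly 1 entry, found %d" % len(matches))
    return matches[0]


if __name__ == "__main__":
    # Constructed stand-in for a directory: one entry keyed by the exact filter.
    directory = {"(&(uid=guest)(objectclass=inetorgperson))":
                 ["uid=guest,ou=contractors,ou=people,dc=hadoop,dc=apache,dc=org"]}
    lookup = lambda base, flt: directory.get(flt, [])
    print(find_bind_dn(lookup, URL, TEMPLATE, "guest"))
    print(build_search_filter(TEMPLATE, "a*(b)"))
```

The constructed entry sits under ou=contractors, a DN that the fixed userDnTemplate in the quoted topology could not produce for the same login name.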