[ 
https://issues.apache.org/jira/browse/KNOX-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13805896#comment-13805896
 ] 

Dilli Arumugam commented on KNOX-34:
------------------------------------

Have researched using an in-house AD for authentication.

We could use either org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
 or org.apache.shiro.realm.ldap.JndiLdapRealm to authenticate to AD.
org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm adds value if we 
intend to use AD as authorization for Role look up.

At this point, we are not using AD as authorization source.
Given this, using org.apache.shiro.realm.ldap.JndiLdapRealm for authenticating 
to AD would require minimal configuration change and I propose that we use 
org.apache.shiro.realm.ldap.JndiLdapRealm to authenticate to AD.

A sample configuration snippet from shiro.ini that was verified with 
authentication to AD:

# define ldapRealm
ldapRealm=org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.contextFactory.authenticationMechanism=simple
ldapRealm.contextFactory.url=ldap://10.10.20.7:389
ldapRealm.userDnTemplate=cn={0},cn=users,DC=supportlab,DC=hortonworks,DC=com

The main difference between a typical plain LDAP config versus that for AD is in
ldapRealm.userDnTemplate

For AD it looks like
ldapRealm.userDnTemplate=cn={0},cn=users,DC=supportlab,DC=hortonworks,DC=com

For Non AD it looks like
ldapRealm.userDnTemplate=uid={0},ou=people,dc=hadoop,dc=apache,dc=org

If AD has been configured to allow authentication for simple names, without 
requiring the full DN, you do not have to specify ldapRealm.userDnTemplate.


> Verify authentication via Active Directory using LDAP 
> ------------------------------------------------------
>
>                 Key: KNOX-34
>                 URL: https://issues.apache.org/jira/browse/KNOX-34
>             Project: Apache Knox
>          Issue Type: Task
>          Components: Server
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>            Assignee: Dilli Arumugam
>             Fix For: 0.4.0
>
>
> From BUG-4312
> Research the configuration settings required to use AD as authentication 
> source and test



--
This message was sent by Atlassian JIRA
(v6.1#6144)

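Added illustration (not Knox or Shiro code): the block below resolves the two userDnTemplate values quoted in the comment to the bind DN a login name would produce, and escapes the substituted value per RFC 4514 so a login name containing DN metacharacters (a comma, for instance) cannot change the DN's structure. The template strings and property names are taken from the comment; the escaping routine, the no-template pass-through and the sample login names are this example's own assumptions, and nothing here asserts how Shiro's JndiLdapRealm itself handles the substitution.

```python
"""Resolve a Shiro-style userDnTemplate to a bind DN for a login name.

Added example, not project code.  Templates are the ones quoted in the
KNOX-34 comment; the RFC 4514 escaping of the substituted username is this
example's own addition and is not a statement about Shiro's behaviour.
"""

# Templates quoted in the comment (AD on the left of the comparison, plain LDAP on the right).
AD_TEMPLATE = "cn={0},cn=users,DC=supportlab,DC=hortonworks,DC=com"
OPENLDAP_TEMPLATE = "uid={0},ou=people,dc=hadoop,dc=apache,dc=org"

# RFC 4514 section 2.4: characters that must always be escaped in an attribute value.
_ALWAYS_ESCAPE = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside an RDN (RFC 4514).

    Rules applied: backslash-escape the always-special characters, a leading
    '#', and a leading or trailing space; hex-escape control characters.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _ALWAYS_ESCAPE:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ord(ch) < 0x20:
            out.append("\\%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def resolve_user_dn(template, username):
    """Return the principal string a realm would bind with.

    With a template, the {0} placeholder is replaced by the escaped username.
    With no template (the comment's "simple names" case) the username is
    passed through unchanged and the directory decides what forms it accepts;
    that pass-through is an assumption of this example.
    """
    if not username:
        raise ValueError("empty username")
    if template is None:
        return username
    if "{0}" not in template:
        raise ValueError("userDnTemplate must contain the {0} placeholder")
    return template.replace("{0}", escape_rdn_value(username))


if __name__ == "__main__":
    # Constructed login names; 'guest' is a plain user, the second one carries DN metacharacters.
    for name in ("guest", "smith,dc=evil"):
        print(resolve_user_dn(AD_TEMPLATE, name))
        print(resolve_user_dn(OPENLDAP_TEMPLATE, name))
    print(resolve_user_dn(None, "guest@supportlab.hortonworks.com"))
```

The point of the escaping branch is the check a practitioner wants before trusting a template: whatever the realm substitutes into {0} becomes part of the DN sent in the bind request, so the value must not be able to introduce additional RDNs. Verifying what your own realm does with a name like `smith,dc=evil` is a one-line test against a lab directory.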