On Mon, Jul 21, 2008 at 3:29 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> There is Active Directory support in the form of our
> org.jsecurity.realm.activedirectory.ActiveDirectoryRealm.
>
> http://jsecurity.svn.sourceforge.net/viewvc/jsecurity/trunk/src/org/jsecurity/realm/activedirectory/ActiveDirectoryRealm.java?revision=HEAD&view=markup
>
> Does that not meet your needs? If there are things you'd like us to add,
> please let us know!

Yeah, I should have mentioned that I did in fact have a look at that class :-)

Anyways, as far as I can see, that class uses the classical "connect to AD as any LDAP server" approach while AD has its own ways of doing things. In my experience, this is a problematic design as AD admins usually are not that used to generic LDAP clients but rather expect things to work as they normally do with Windows applications. As you can see in Kohsuke's posts, this boils down to:

1. Finding the server automatically using DNS lookup. So, no URL is needed.
2. Authenticating using [EMAIL PROTECTED] No admin user/password needed. Domain needed instead, this is the only configuration that should be needed for AD authentication.
3. IWA. For me, this is of less interest, but I could see that people would find it useful, especially for intranet deployments.

I think JSecurity should do 1 and 2 at least.

/niklas
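
Points 1 and 2 above, sketched with plain JNDI as an added example (not code from this thread or from JSecurity). It assumes the controllers are published under the SRV name _ldap._tcp.<domain>, that the bind principal has the form user@domain, and that the controllers accept LDAPS on port 636; the class and method names are hypothetical.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Hypothetical sketch: domain name in, authenticated context out. No server URL, no admin account.
public class AdBindSketch {
    /** Order SRV answers ("priority weight port target") by priority, then by weight (simplified RFC 2782). */
    static List<String> orderTargets(List<String[]> recs) {
        recs.sort(Comparator.<String[]>comparingInt(r -> Integer.parseInt(r[0]))
                .thenComparingInt(r -> -Integer.parseInt(r[1])));
        List<String> hosts = new ArrayList<>();
        for (String[] r : recs) hosts.add(r[3].replaceAll("\\.$", "")); // drop trailing root dot
        return hosts;
    }

    /** Step 1: find the domain's LDAP servers through DNS (assumed SRV name: _ldap._tcp.<domain>). */
    static List<String> findControllers(String domain) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        DirContext dns = new InitialDirContext(env);
        try {
            Attribute srv = dns.getAttributes("_ldap._tcp." + domain, new String[] {"SRV"}).get("SRV");
            if (srv == null) throw new NamingException("no SRV records for " + domain);
            List<String[]> recs = new ArrayList<>();
            for (int i = 0; i < srv.size(); i++) recs.add(srv.get(i).toString().trim().split("\\s+"));
            return orderTargets(recs);
        } finally { dns.close(); }
    }

    /** Step 2: bind as the user (assumed user@domain form); a successful bind is the authentication. */
    static DirContext bind(String host, String user, String domain, char[] password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that may succeed: refuse it.
        if (password == null || password.length == 0) throw new AuthenticationException("empty password");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636"); // TLS: simple bind sends the password
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        // Constructed SRV answers, in the string form the JNDI DNS provider returns; no network needed.
        List<String[]> sample = Arrays.asList(
                "10 50 389 dc2.corp.example.".split(" "),
                "0 100 389 dc1.corp.example.".split(" "));
        System.out.println(orderTargets(sample)); // [dc1.corp.example, dc2.corp.example]
    }
}
```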
