Hi,

you should have a look at what Edouard De Oliveira proposed in MINA. Don't know if it covers your need, but maybe.


My 2cts

Niklas Gustavsson wrote:
On Mon, Jul 21, 2008 at 3:29 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
There is Active Directory support in the form of our
org.jsecurity.realm.activedirectory.ActiveDirectoryRealm.

http://jsecurity.svn.sourceforge.net/viewvc/jsecurity/trunk/src/org/jsecurity/realm/activedirectory/ActiveDirectoryRealm.java?revision=HEAD&view=markup

Does that not meet your needs?  If there are things you'd like us to add,
please let us know!

Yeah, I should have mentioned that I did in fact have a look at that class :-)

Anyways, as far as I can see, that class uses the classical "connect
to AD as any LDAP server" approach while AD has its own ways of doing
things. In my experience, this is a problematic design as AD admins
usually are not that used to generic LDAP clients but rather expect
things to work as they normally do with Windows applications. As you
can see in Kohsuke's posts, this boils down to:

1. Finding the server automatically using DNS lookup. So, no URL is needed.
2. Authenticating using [EMAIL PROTECTED] No admin user/password
needed. Domain needed instead, this is the only configuration that
should be needed for AD authentication
3. IWA. For me, this is of less interest, but I could see that people
would find it useful, especially for intranet deployments.

I think JSecurity should do 1 and 2 at least.

/niklas



--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
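
Points 1 and 2 from the quoted message, sketched with plain JNDI as an added example (not part of the thread and not JSecurity code). The class and method names are hypothetical, and it assumes the domain controllers are registered under the `_ldap._tcp.<domain>` SRV record and accept LDAPS on port 636.

```java
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import java.util.*;

public class AdDomainLogin {   // hypothetical class, for illustration only
    /** Point 1: locate domain controllers through DNS SRV records, so no server URL is configured. */
    static List<String> findControllers(String domain) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        env.put(Context.PROVIDER_URL, "dns:");   // use the resolver configured on the host
        InitialDirContext dns = new InitialDirContext(env);
        try {
            Attribute srv = dns.getAttributes("_ldap._tcp." + domain, new String[] {"SRV"}).get("SRV");
            if (srv == null) throw new NamingException("no SRV records for " + domain);
            List<String[]> records = new ArrayList<>();   // each value: "priority weight port target"
            for (int i = 0; i < srv.size(); i++) records.add(srv.get(i).toString().split(" "));
            records.sort(Comparator.comparingInt(r -> Integer.parseInt(r[0])));  // weight is ignored here
            List<String> hosts = new ArrayList<>();
            for (String[] r : records) hosts.add(r[3].replaceAll("\\.$", ""));   // drop trailing dot
            return hosts;
        } finally { dns.close(); }
    }
    /** Point 2: bind as user@domain with the user's own password; no admin account is needed. */
    static boolean authenticate(String domain, String user, char[] password) throws NamingException {
        // A simple bind with an empty password is an anonymous bind and can succeed,
        // so reject it here instead of reporting a successful login.
        if (user == null || user.isEmpty() || password == null || password.length == 0) return false;
        for (String host : findControllers(domain)) {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");  // assumption: LDAPS enabled on the DC
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                new InitialDirContext(env).close();   // a successful bind proves the credentials
                return true;
            } catch (AuthenticationException e) {
                return false;                         // bad credentials: do not retry on other DCs
            } catch (NamingException e) {
                // this DC is unreachable or failed TLS; try the next one
            }
        }
        throw new NamingException("no domain controller reachable for " + domain);
    }
}
```

The bind uses TLS because a simple bind sends the password itself to the server; stopping at the first `AuthenticationException` keeps one wrong password from counting several times against the account lockout threshold.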

