Hi Niklas, It is our mission to make this type of integration as easy as possible, so I definitely think we should support this. Could you please open a Jira issue and include the comments of this thread so we don't lose it?
https://issues.apache.org/jira/browse/JSEC Thanks! Les On Tue, Jul 22, 2008 at 4:40 PM, Niklas Gustavsson <[EMAIL PROTECTED]> wrote: > On Mon, Jul 21, 2008 at 3:29 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote: > > There is Active Directory support in the form of our > > org.jsecurity.realm.activedirectory.ActiveDirectoryRealm. > > > > > http://jsecurity.svn.sourceforge.net/viewvc/jsecurity/trunk/src/org/jsecurity/realm/activedirectory/ActiveDirectoryRealm.java?revision=HEAD&view=markup > > > > Does that not meet your needs? If there are things you'd like us to add, > > please let us know! > > Yeah, I should have mentioned that I did in fact have a look at that class > :-) > > Anyways, as far as I can see, that class uses the classical "connect > to AD as any LDAP server" approach while AD has it's own ways of doing > things. In my experiences, this is a problematic design as AD admins > usually are not that used to generic LDAP clients but rather expect > things to work as they normally do with Windows applications. As you > can see in Kohsukes posts, this boils down to: > > 1. Finding the server automatically using DNS lookup. So, no URL is needed. > 2. Authenticating using [EMAIL PROTECTED] No admin user/password > needed. Domain needed instead, this is the only configuration that > should be needed for AD authentication > 3. IWA. For me, this is of less interest, but I could see that people > would find it useful, especially for intranet deployments. > > I think JSecurity should do 1 and 2 at least. > > /niklas >
