I echo Les' sentiments. Also, we would welcome any contributions to solve this issue as well!

On Jul 22, 2008, at 4:54 PM, Les Hazlewood wrote:

Hi Niklas,

It is our mission to make this type of integration as easy as possible, so I definitely think we should support this. Could you please open a Jira issue
and include the comments of this thread so we don't lose it?

https://issues.apache.org/jira/browse/JSEC

Thanks!

Les

On Tue, Jul 22, 2008 at 4:40 PM, Niklas Gustavsson <[EMAIL PROTECTED] >
wrote:

On Mon, Jul 21, 2008 at 3:29 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
There is Active Directory support in the form of our
org.jsecurity.realm.activedirectory.ActiveDirectoryRealm.


http://jsecurity.svn.sourceforge.net/viewvc/jsecurity/trunk/src/org/jsecurity/realm/activedirectory/ActiveDirectoryRealm.java?revision=HEAD&view=markup

Does that not meet your needs? If there are things you'd like us to add,
please let us know!

Yeah, I should have mentioned that I did in fact have a look at that class
:-)

Anyways, as far as I can see, that class uses the classical "connect
to AD as any LDAP server" approach while AD has its own ways of doing
things. In my experience, this is a problematic design as AD admins
usually are not that used to generic LDAP clients but rather expect
things to work as they normally do with Windows applications. As you
can see in Kohsuke's posts, this boils down to:

1. Finding the server automatically using DNS lookup. So, no URL is needed.
2. Authenticating using [EMAIL PROTECTED] No admin user/password
needed. Domain needed instead, this is the only configuration that
should be needed for AD authentication
3. IWA. For me, this is of less interest, but I could see that people
would find it useful, especially for intranet deployments.

I think JSecurity should do 1 and 2 at least.

/niklas
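
Points 1 and 2 of the list above, sketched with plain JNDI as an added example; it is not part of the original thread and is not JSecurity code. The class and method names are hypothetical, the login form is assumed to be user@domain, and the StartTLS step and the empty-password check are additions the thread does not mention.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
// Hypothetical class and method names; only standard JNDI calls are used.
public class AdDomainLogin {
    // Step 1: find domain controllers via the SRV record AD registers in DNS.
    static List<String> findControllers(String domain) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        env.put(Context.PROVIDER_URL, "dns:");
        DirContext dns = new InitialDirContext(env);
        Attribute srv = dns.getAttributes("_ldap._tcp.dc._msdcs." + domain, new String[] {"SRV"}).get("SRV");
        dns.close();
        List<String[]> recs = new ArrayList<>();
        for (int i = 0; srv != null && i < srv.size(); i++)
            recs.add(srv.get(i).toString().split(" ")); // priority weight port target
        recs.sort(Comparator.comparingInt(r -> Integer.parseInt(r[0])));
        List<String> urls = new ArrayList<>();
        for (String[] r : recs) urls.add("ldap://" + r[3].replaceAll("\\.$", "") + ":" + r[2]);
        return urls;
    }
    // Step 2: bind as the user; no admin account or server URL is configured.
    static boolean authenticate(String user, String domain, char[] pw) throws Exception {
        // An empty password would make a simple bind anonymous and "succeed".
        if (user == null || user.isEmpty() || pw == null || pw.length == 0) return false;
        for (String url : findControllers(domain)) {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            LdapContext ctx = null;
            try {
                ctx = new InitialLdapContext(env, null);
                // Assumption: StartTLS so the password is not sent in clear text.
                ((StartTlsResponse) ctx.extendedOperation(new StartTlsRequest())).negotiate();
                ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, user + "@" + domain);
                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, pw);
                ctx.reconnect(null); // forces the bind with the credentials above
                return true;
            } catch (AuthenticationException e) {
                return false; // wrong user name or password
            } catch (NamingException | java.io.IOException e) {
                // controller unreachable or TLS failed: try the next one
            } finally { if (ctx != null) ctx.close(); }
        }
        return false;
    }
}
```

The StartTLS handshake only succeeds if the JVM trusts the certificate presented by the domain controller, so the issuing CA has to be in the trust store.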

