Hi Les, I've created a JIRA issue for the improvement: https://issues.apache.org/jira/browse/SHIRO-127
I've also attached a patch that improves the LDAP support. Creating an LDAP realm is now pretty straightforward. The minimum configuration is as follows:

-- snip --
[main]
ldapRealm=org.apache.shiro.realm.ldap.DefaultLdapRealm
ldapRealm.baseDn=dc=shiro,dc=apache,dc=org
-- snip --

This assumes your LDAP is on localhost:339 and anonymous authentication is allowed. Otherwise, more settings need to be specified.

I've created a test case with a more complex example: see the JIRA for more info.

Cheers,
Philippe

Les Hazlewood-3 wrote:
>
> Hi Philippe,
>
> You've made a great point - please open up a Jira issue so we can
> track this. If there is a way to achieve generic LDAP implementation,
> we'll work to have it in the 1.0 release.
>
> I wasn't the original author of the AbstractLdapRealm hierarchy, so I
> wasn't very familiar with its implementation strategy. Any pointers
> or things that you see could be improved, please include them in the
> Jira issue comments. Of course, if you have any implementations or
> patches or test cases, those would be great as a Jira attachment as
> well (if possible). Anything helpful is appreciated!
>
> Cheers,
>
> Les
>
> On Thu, Jan 7, 2010 at 2:18 PM, Philippe Laflamme <[email protected]>
> wrote:
>>
>> Hello Shiro world,
>>
>> I'm looking for an example LDAP Realm configuration and cannot seem to
>> find anything. Please point me to some example if there is one.
>>
>> I've looked at the source and it seems that there is no implementation
>> of an LDAP Realm. The only concrete implementation is the
>> ActiveDirectoryRealm (I understand AD is similar to LDAP, but it's not
>> == to LDAP). The closest LDAP Realm I can see is AbstractLDAPRealm,
>> which is... well... Abstract!
>>
>> When I read that Shiro supports LDAP realms I figured I could point it
>> to my server, specify the structure of my LDAP (DNs and so forth) and
>> bingo! I'd be able to authenticate against it. I understand that
>> authorization (role and permission mapping) is another matter, but
>> authentication should be straightforward... no?
>>
>> I'm no LDAP/AD expert, so am I missing something?
>>
>> Looking at the ActiveDirectoryRealm, I can see that the
>> queryForAuthenticationInfo method is not AD-specific. Could it not
>> belong to a DefaultLDAPRealm of some sort?
>>
>> BTW, Atlassian Crowd has some examples of connecting to "Generic LDAP
>> Directories" here:
>> http://confluence.atlassian.com/display/CROWD/Generic+LDAP+Directories
>> --
>> View this message in context:
>> http://n2.nabble.com/Confusion-with-the-LDAP-Realm-tp4268254p4268254.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>

--
View this message in context: http://n2.nabble.com/Confusion-with-the-LDAP-Realm-tp4268254p4275843.html
Sent from the Shiro User mailing list archive at Nabble.com.
