This is great Philippe - thanks very much for contributing! I'll try to get this in sometime in the next few days.
Best, Les On Fri, Jan 8, 2010 at 8:22 PM, Philippe Laflamme <[email protected]> wrote: > > Hi Les, > > I've created a JIRA issue for the improvement: > https://issues.apache.org/jira/browse/SHIRO-127 > > I've also attached a patch that improves the LDAP support. Creating an > LDAP realm is now pretty straightforward. > > The minimum configuration is as follows: > -- snip -- > [main] > ldapRealm=org.apache.shiro.realm.ldap.DefaultLdapRealm > ldapRealm.baseDn=dc=shiro,dc=apache,dc=org > -- snip -- > > This assumes your LDAP is on localhost:339 and anonymous authentication > is allowed. Otherwise, more settings need to be specified. I've created > a test case with a more complex example: see the JIRA for more info. > > Cheers, > Philippe > > Les Hazlewood-3 wrote: >> >> Hi Philippe, >> >> You've made a great point - please open up a Jira issue so we can >> track this. If there is a way to achieve generic LDAP implementation, >> we'll work to have it in the 1.0 release. >> >> I wasn't the original author of the AbstractLdapRealm hierarchy, so I >> wasn't very familiar with its implementation strategy. Any pointers >> or things that you see could be improved, please include them in the >> Jira issue comments. Of course, if you have any implementations or >> patches or test cases, those would be great as a Jira attachment as >> well (if possible). Anything helpful is appreciated! >> >> Cheers, >> >> Les >> >> On Thu, Jan 7, 2010 at 2:18 PM, Philippe Laflamme <[email protected]> >> wrote: >>> >>> Hello Shiro world, >>> >>> I'm looking for an example LDAP Realm configuration and cannot seem to >>> find >>> anyting. Please point me to some example if there is one. >>> >>> I've looked at the source and it seems that there is no implementation of >>> an >>> LDAP Realm. The only concrete implementation is the ActiveDirectoryRealm >>> (I >>> understand AD is similar to LDAP, but it's not == to LDAP). The closest >>> LDAP >>> Realm I can see is AbstractLDAPRealm, which is... well... Abstract! >>> >>> When I read that Shiro supports LDAP realms I figured I could point it to >>> my >>> server, specify the structure of my LDAP (DNs and so forth) and bingo! >>> I'd >>> be able to authenticate against it. I understand that authorization (role >>> and permission mapping) is another matter, but authentication should be >>> straightforward... no? >>> >>> I'm no LDAP/AD expert, so am I missing something? >>> >>> Looking at the ActiveDirectoryRealm, I can see that the >>> queryForAuthenticationInfo method is not AD-specific. Could it not belong >>> to >>> a DefaultLDAPRealm of some sort? >>> >>> BTW, Atlassian Crowd has some examples of connecting to "Generic LDAP >>> Directories" >>> http://confluence.atlassian.com/display/CROWD/Generic+LDAP+Directories >>> here >>> . >>> -- >>> View this message in context: >>> http://n2.nabble.com/Confusion-with-the-LDAP-Realm-tp4268254p4268254.html >>> Sent from the Shiro User mailing list archive at Nabble.com. >>> >> >> > > -- > View this message in context: > http://n2.nabble.com/Confusion-with-the-LDAP-Realm-tp4268254p4275843.html > Sent from the Shiro User mailing list archive at Nabble.com. >
