Jürgen Pabel wrote:
> Hi,
>
> first of all: great project!!
>
> I've implemented the LDAP authentication - for (my) ease, I've
> uploaded the SWAMPLDAPAuthManager.java to one of our servers (I can only
> send out .ZIP attachments from work and SF currently rejects them).
>
> http://labs.akkaya.de/software/SWAMP_LDAP.html
>
> The implementation checks (for loading a user) whether a user is already
> in the DB, if so it loads that record - otherwise it loads it from LDAP
> (it seems that was the intended way of the auth system - but I may have
> misinterpreted it?). Authentication is done by trying to bind with the
> supplied credentials to the LDAP server. The username in this
> implementation is (kind of) expected to be a username part only and the
> full LDAP DN is added within the code.
>
> I have developed/tested my implementation with a Windows AD, and
> therefore the sample values below and some of my code are tweaked that
> way - but I have added some logic to (at least in theory) make it work
> with other LDAP servers (ie: base64 value encoding as implemented in
> OpenLDAP for non-7bit ASCII values). However, especially the base64 code
> is UNTESTED as I don't have a non-AD LDAP system at hand.
>
>
> There are several configuration values, which need to be set in the
> "WEB-INF/conf/defaults" file - here are some sample values (roughly based on
> our internal Windows AD setup):
>
> # ldap server
> LDAP_BIND_URL=ldap://domaincontroller/
> # bind user and password
> [EMAIL PROTECTED]
> LDAP_BIND_PASS=password
>
> # where to search for user entries when looking up the username
> LDAP_USER_BASEDN=dc=intranet,dc=akkaya,dc=de
> # the search filter for user entries
> LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountName=%s))
> # this is used to construct the full DN from the username only and in
> # this form only works with M$ ADs
> [EMAIL PROTECTED]
>
> # Attributes from which to fetch the user data
> LDAP_USER_ATTR_GIVENNAME=givenName
> LDAP_USER_ATTR_SURNAME=sn
> LDAP_USER_ATTR_EMAIL=mail
>
> Please note again that the Email-style usernames are a feature only
> implemented in MS AD - for other LDAP servers you'll most likely need
> regular LDAP DN based usernames, like so:
>
> LDAP_BIND_USER=cn=SWAMP,dc=intranet,dc=akkaya,dc=de
> LDAP_USER_TEMPLATE=cn=%s,dc=intranet,dc=akkaya,dc=de
>
> If you would like to log in using a full LDAP DN, set these:
>
> LDAP_USER_FILTER=
> LDAP_USER_TEMPLATE=%s
>
> However, two warnings:
> - this is untested (I think it should work like this)
> - I don't know if SWAMP chokes on such a "complex" username
>
> If you've built from source and would like to integrate this in your
> "build", here's the run-down (<SRC> being the base directory with the
> SWAMP sources):
>
> - extract file in archive to:
>     <SRC>/src/de/suse/swamp/core/security
> - in <SRC>:
>     ant compile-swamp
> - copy compiled class into tomcat (stop first):
>     cp <SRC>/build/de/suse/swamp/core/security/SWAMPLDAPUserManager.class
>       <TOMCAT_BASE>/common/classes/de/suse/swamp/core/security/
> - set AUTH_CLASS in <TOMCAT_WEBAPPS>/webswamp/WEB-INF/conf/defaults to:
>     de.suse.swamp.core.security.SWAMPLDAPUserManager
> - set LDAP configuration values as stated above in:
>     <TOMCAT_WEBAPPS>/webswamp/WEB-INF/conf/defaults
>
>
> I would like for this to be a one-time contribution, as I really don't
> have time to support/continue developing this code (I will answer
> questions, but please CC me, as I don't read this list). If you like
> this implementation, please integrate it in the project.
>
> jp

Hi Jürgen,

thanks, this is a very cool addition to SWAMP. However, I also worked on a generic LDAP authentication class that's already added to the svn codebase. But it's cool to have a Windows AD integration and your class has more configuration options than ours. I will integrate your code and include it in one of the next releases, so you don't have to maintain it.

Greetings

--
Thomas Schmidt (tschmidt [at] suse.de)
SUSE Linux Products GmbH :: Research & Development :: Internal Tools
"We are not in Vietnam, we are bowling. There are rules here." John Goodman in Big Lebowski

_______________________________________________
swamp-devel mailing list
swamp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/swamp-devel
http://swamp.sf.net
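
The thread above describes filling the login name into `LDAP_USER_FILTER` and `LDAP_USER_TEMPLATE` and authenticating by binding with the supplied credentials. The following is an added example, not code from SWAMPLDAPAuthManager.java or the SWAMP project: one way to do those substitutions with RFC 4515 / RFC 4514 escaping and to refuse an empty password before a simple bind. The class and method names are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapInputHandling {  // hypothetical name, not part of SWAMP
    // RFC 4515: \ * ( ) and NUL become \5c \2a \28 \29 \00 inside a filter value.
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }
    // Fill the %s of a filter such as LDAP_USER_FILTER. replace() is literal, not regex.
    static String buildFilter(String template, String username) {
        return template.replace("%s", escapeFilter(username));
    }
    // Fill the %s of a DN template such as LDAP_USER_TEMPLATE (RFC 4514 escaping via JNDI).
    static String buildDn(String template, String username) {
        return template.replace("%s", Rdn.escapeValue(username));
    }
    // Authenticate by simple bind. An empty password is refused before contacting the
    // server: a simple bind with a DN and no password is an unauthenticated bind
    // (RFC 4513) and can succeed without proving anything.
    static boolean bind(String url, String dn, String password) {
        if (password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try { new InitialDirContext(env).close(); return true; }
        catch (NamingException e) { return false; }
    }

    public static void main(String[] args) {
        // Templates are the sample values from the mail; the usernames are constructed.
        String filter = "(&(objectClass=user)(sAMAccountName=%s))";
        String dnTemplate = "cn=%s,dc=intranet,dc=akkaya,dc=de";
        System.out.println(buildFilter(filter, "pabel)(cn=*"));
        System.out.println(buildDn(dnTemplate, "pabel,ou=admins"));
        System.out.println(bind("ldap://domaincontroller/", buildDn(dnTemplate, "pabel"), ""));
    }
}
```

The AD e-mail-style template is not a DN, so `buildDn` applies only to DN-shaped templates like the `cn=%s,...` sample.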