Hi, thanks for integrating my code, I've just looked at the SVN merge and I noticed a few things:
- "my" implementation lacks the check for "anonymous"
- "my" implementation should probably now return "AkkayaLDAPUserManager" in toString()?
- "my" code could probably use some Logger'ing
- "your" implementation uses "de.suse.auth", which is not in the SVN?

jp

Thomas Schmidt wrote:
> Jürgen Pabel wrote:
>> Hi,
>>
>> first of all: great project!!
>>
>> I've implemented the LDAP authentication - for (my) ease, I've
>> uploaded the SWAMPLDAPAuthManager.java to one of our servers (I can only
>> send out .ZIP attachments from work and SF currently rejects them).
>>
>> http://labs.akkaya.de/software/SWAMP_LDAP.html
>>
>> The implementation checks (for loading a user) whether a user is already
>> in the DB, if so it loads that record - otherwise it loads it from LDAP
>> (it seems that was the intended way of the auth system - but I may have
>> misinterpreted it?). Authentication is done by trying to bind with the
>> supplied credentials to the LDAP server. The username in this
>> implementation is (kind of) expected to be a username part only and the
>> full LDAP DN is added within the code.
>>
>> I have developed/tested my implementation with a Windows AD, and
>> therefore the sample values below and some of my code are tweaked that
>> way - but I have added some logic to (at least in theory) make it work
>> with other LDAP servers (i.e.: base64 value encoding as implemented in
>> OpenLDAP for non-7bit ASCII values). However, especially the base64 code
>> is UNTESTED as I don't have a non-AD LDAP system at hand.
>>
>>
>> There are several configuration values, which need to be set in the
>> "WEB-INF/conf/defaults" file - here are some sample values (roughly based on
>> our internal Windows AD setup):
>>
>> # ldap server
>> LDAP_BIND_URL=ldap://domaincontroller/
>> # bind user and password
>> [EMAIL PROTECTED]
>> LDAP_BIND_PASS=password
>>
>> # where to search for user entries when looking up the username
>> LDAP_USER_BASEDN=dc=intranet,dc=akkaya,dc=de
>> # the search filter for user entries
>> LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountName=%s))
>> # this is used to construct the full DN from the username only and in
>> # this form only works with M$ ADs
>> [EMAIL PROTECTED]
>>
>> # Attributes from which to fetch the user data
>> LDAP_USER_ATTR_GIVENNAME=givenName
>> LDAP_USER_ATTR_SURNAME=sn
>> LDAP_USER_ATTR_EMAIL=mail
>>
>> Please note again that the Email-style usernames are a feature only
>> implemented in MS AD - for other LDAP servers you'll most likely need
>> regular LDAP DN based usernames, like so:
>>
>> LDAP_BIND_USER=cn=SWAMP,dc=intranet,dc=akkaya,dc=de
>> LDAP_USER_TEMPLATE=cn=%s,dc=intranet,dc=akkaya,dc=de
>>
>> If you would like to log in using a full LDAP DN, set these:
>>
>> LDAP_USER_FILTER=
>> LDAP_USER_TEMPLATE=%s
>>
>> However, two warnings:
>> - this is untested (I think it should work like this)
>> - I don't know if SWAMP chokes on such a "complex" username
>>
>> If you've built from source and would like to integrate this in your
>> "build", here's the run-down (<SRC> being the base directory with the
>> SWAMP sources):
>>
>> - extract file in archive to:
>>   <SRC>/src/de/suse/swamp/core/security
>> - in <SRC>:
>>   ant compile-swamp
>> - copy compiled class into tomcat (stop first):
>>   cp <SRC>/build/de/suse/swamp/core/security/SWAMPLDAPUserManager.class
>>   <TOMCAT_BASE>/common/classes/de/suse/swamp/core/security/
>> - set AUTH_CLASS in <TOMCAT_WEBAPPS>/webswamp/WEB-INF/conf/defaults to:
>>   de.suse.swamp.core.security.SWAMPLDAPUserManager
>> - set LDAP configuration values as stated above in:
>>   <TOMCAT_WEBAPPS>/webswamp/WEB-INF/conf/defaults
>>
>>
>> I would like for this to be a one-time contribution, as I really don't
>> have time to support/continue developing this code (I will answer
>> questions, but please CC me, as I don't read this list). If you like
>> this implementation, please integrate it in the project.
>>
>> jp
>
> Hi Jürgen, thanks this is a very cool addition to SWAMP.
> However, I also worked on a generic LDAP authentication class that's already
> added to the svn codebase. But it's cool to have a Windows AD integration
> and your class has more configuration options than ours.
> I will integrate your code and include it in one of the next releases,
> so you don't have to maintain it.
> Greetings
>

--
Jürgen Pabel, CISSP
Akkaya Consulting GmbH
Eupener Straße 137
50933 Köln
Phone: +49 221 9473007
Fax: +49 221 4911970
Mobile: +49 160 8806134
E-Mail: [EMAIL PROTECTED]
Internet: http://www.akkaya.de

_______________________________________________
swamp-devel mailing list
swamp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/swamp-devel
http://swamp.sf.net
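
The thread describes substituting the login name into the `%s` of `LDAP_USER_FILTER` and of a DN-style `LDAP_USER_TEMPLATE`, then authenticating by bind. The following is an added example, not code from SWAMP or from the posted class: it escapes the name for each context (RFC 4515 for filters, RFC 4514 for DNs) and refuses an empty password before any bind. The class and method names are hypothetical and the login values are constructed.

```java
/** Added example (hypothetical helper, not SWAMP code). */
public class LdapNameEscaping {

    // RFC 4515: inside a search-filter value, NUL ( ) * \ become \XX hex escapes.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // RFC 4514: backslash-escape characters that are special in a DN attribute value.
    static String escapeDnValue(String value) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean edge = (i == 0 && (c == ' ' || c == '#'))
                        || (i == value.length() - 1 && c == ' ');
            if (c == '\0') { out.append("\\00"); continue; }
            if (edge || "\",+;<>\\".indexOf(c) >= 0) out.append('\\');
            out.append(c);
        }
        return out.toString();
    }

    // A simple bind with a name and an empty password is an "unauthenticated bind"
    // (RFC 4513, 5.1.2) that a server may accept, so reject it before binding.
    static boolean credentialsUsable(String user, String pass) {
        return user != null && !user.isEmpty() && pass != null && !pass.isEmpty();
    }

    public static void main(String[] args) {
        String filterTpl = "(&(objectClass=user)(sAMAccountName=%s))"; // from the post
        String dnTpl = "cn=%s,dc=intranet,dc=akkaya,dc=de";            // from the post
        // String.replace is literal, so other '%' characters in a template are safe.
        System.out.println(filterTpl.replace("%s", escapeFilterValue("j.doe (ext)*")));
        System.out.println(dnTpl.replace("%s", escapeDnValue("Doe, John")));
        System.out.println(credentialsUsable("jdoe", ""));
    }
}
```

The DN escaping applies only to DN-style templates such as `cn=%s,...`; the email-style AD form mentioned in the post is not a DN and is not covered here.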