I am connecting Magnolia (Enterprise Trial version) to our Active Directory environment using the ADAuthenticationModule. With the documentation on the site, that works: I can authenticate logins that way, although I have to add the AD groups manually to Magnolia. Unfortunately the way it currently authenticates the user is a bit typical, and will not easily work in our environment.

The module currently uses the following procedure:

- Take the account name and search AD for the corresponding account.
- Use the CN from the account and try to authenticate in a loop, making a DN using the java.naming.security.principal entries.

This works of course. Unfortunately, we have quite a few OUs, which would result in a long list of java.naming.security.principal entries and a corresponding number of authentication failures. This will probably get me in hot water with the AD admins.

The question to me is, why doesn't the module use the DN from the account to authenticate? That would work directly, and would not require a 'try' loop.

Regards,
--
Rico Jansen ([email protected])
"You call it untidy, I call it LRU ordered" -- Daniel Barlow
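The two login procedures compared in the message above, as an added example that is not part of the original post and is not the ADAuthenticationModule's code. It runs against a constructed in-memory stand-in for a directory and counts the failed binds each approach produces; the template format, account, OUs and password are assumptions made up for the illustration.

```python
# Constructed sample data: one account in the last of four OUs (all values hypothetical).
ENTRIES = {
    "CN=Jane Doe,OU=Finance,DC=example,DC=test":
        {"sAMAccountName": "jdoe", "cn": "Jane Doe", "password": "correct-horse"},
}
# Assumed shape of the java.naming.security.principal entries: one DN template per OU.
TEMPLATES = ["CN={0},OU=%s,DC=example,DC=test" % ou
             for ou in ("Sales", "IT", "HR", "Finance")]

class SimulatedDirectory:
    """In-memory stand-in for AD that counts failed bind attempts."""
    def __init__(self, entries):
        self.entries = entries
        self.failed_binds = 0

    def search(self, account):
        """Return (dn, attrs) for the matching sAMAccountName, or None."""
        for dn, attrs in self.entries.items():
            if attrs["sAMAccountName"] == account:
                return dn, attrs
        return None

    def bind(self, dn, password):
        """Simulated simple bind; an unknown DN or wrong password is a failure."""
        entry = self.entries.get(dn)
        ok = entry is not None and entry["password"] == password
        if not ok:
            self.failed_binds += 1
        return ok

def login_template_loop(directory, account, password, templates):
    """Procedure from the post: look up the CN, then try each DN template in turn."""
    found = directory.search(account)
    if found is None:
        return False
    cn = found[1]["cn"]
    return any(directory.bind(t.format(cn), password) for t in templates)

def login_with_found_dn(directory, account, password):
    """Alternative from the post: bind once with the DN the search returned."""
    found = directory.search(account)
    return found is not None and directory.bind(found[0], password)

def failed_binds_per_login(account, password):
    """Run both procedures on fresh directories; return (success, failed binds) for each."""
    loop_dir, dn_dir = SimulatedDirectory(ENTRIES), SimulatedDirectory(ENTRIES)
    ok_loop = login_template_loop(loop_dir, account, password, TEMPLATES)
    ok_dn = login_with_found_dn(dn_dir, account, password)
    return {"loop": (ok_loop, loop_dir.failed_binds), "dn": (ok_dn, dn_dir.failed_binds)}
```

With the account in the fourth OU, a correct password costs three failed binds in the loop and none with the returned DN; a wrong password costs four versus one.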
