Hello Torsten,
I fell in the same problem. what I did if the integration of an ldap API
and
added a method to LoginServices, and to security.properties
I send you the patch here (it concerns a CVS diff unfortunaltely but
it's so
basic that you can reproduce it).
The API integrated is the one of Mozzila LDAP
The use is very easy, you set useLDAP to true to use the parametrized ldap
server, otherwise the party module is used to do authentification.
The privileges configuration remains in Party Management module
Amine.
Index: ./securityext/src/org/ofbiz/securityext/login/LoginServices.java
===================================================================
RCS file:
/cvsroot/neogia/ofbizNeogia/applications/securityext/src/org/ofbiz/securityext/login/Attic/LoginServices.java,v
retrieving revision 1.1.1.4
diff -r1.1.1.4 LoginServices.java
27a28,30
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
147c150,162
<
---
//this is useful in case someone wants to have an
ldap authentification
//it also requires that use create connections on
the party manager
boolean useLdap = "true".equals(
UtilProperties.getPropertyValue("security.properties", "login.useLDAP"));
boolean validPass = false;
if (!useLdap) {
validPass = (userLogin.get("currentPassword")
!= null &&
(realPassword.equals(
userLogin.getString("currentPassword")) ||
("true".equals(
UtilProperties.getPropertyValue("security.properties", "
password.accept.encrypted.and.plain")) && password.equals(
userLogin.getString("currentPassword")))));
} else {
validPass = userLoginLdap(ctx, context);
}
150,152c165
< if ((userLogin.get("currentPassword") != null &&
<
(realPassword.equals(userLogin.getString("currentPassword"))
||
< ("true".equals(
UtilProperties.getPropertyValue("security.properties", "
password.accept.encrypted.and.plain")) && password.equals(
userLogin.getString("currentPassword")))))) {
---
if (validPass) {
769a783,811
private static boolean userLoginLdap(DispatchContext ctx, Map
context)
{
String host =
UtilProperties.getPropertyValue("security.properties",
"ldap.host.name");
int port = Integer.parseInt(UtilProperties.getPropertyValue("
security.properties", "ldap.host.port"));
int protocol = Integer.parseInt(UtilProperties.getPropertyValue("
security.properties", "ldap.protocol"));;
String baseDN = UtilProperties.getPropertyValue("
security.properties", "ldap.baseDN");
String ldapUser = UtilProperties.getPropertyValue("
security.properties", "ldap.user");
String ldapPassword = UtilProperties.getPropertyValue("
security.properties", "ldap.password");
String username = (String) context.get("login.username");
if (username == null) username = (String)
context.get("username");
String password = (String) context.get("login.password");
if (password == null) password = (String)
context.get("password");
LDAPConnection conn = new LDAPConnection();
try {
conn.connect(host, port, ldapUser, ldapPassword);
conn.authenticate(protocol, username, password);
} catch ( LDAPException e ) {
Debug.logVerbose("Error number: " + e.getLDAPResultCode(),
module) ;
break;
}
return false;
}
return true;
}
Index: ./security/config/security.properties
===================================================================
RCS file:
/cvsroot/neogia/ofbizNeogia/framework/security/config/security.properties,v
retrieving revision 1.1.1.3
diff -r1.1.1.3 security.properties
53a54,64
# --ldap parameters
ldap.host.name=ldapSrv
ldap.host.port=389
ldap.baseDN=dc=neogia,dc=org
ldap.protocol=3
ldap.user=cn=myUserid,ou=Myou,ou=MyOU2,dc=neogia,dc=org
ldap.password=myPass
login.useLDAP=false
2007/3/1, Torsten Schlabach <[EMAIL PROTECTED]>:
Change or provide an alternative implementation?
If I did either one, would you commit it?
I mean, would that be a "clean" solution?
David E. Jones schrieb:
>
> Rather than trying to do this through the entity engine it might be
> better/easier to just change the userLogin service to look at both
> sources, and manage conflicts as desired, etc.
>
> -David
>
>
> On Feb 28, 2007, at 11:29 AM, Torsten Schlabach wrote:
>
>> Hi!
>>
>> I think I am about to find my way through OFBiz internals, so
>> basically I am just asking for confirmation and some little hints.
>>
>> What I am trying to do is to read users and their passwords not from
>> the embedded Derby database but from a given LDAP directory.
>>
>> I have taken a look at org.ofbiz.common.login.LoginServices. From
>> there I find out that it's using a delegator to retrieve the username
>> and corresponding password through the entity engine.
>>
>> Am I right that I would have to configure the entity engine in a way
>> that it keeps retrieving anything else from where it does today, but
>> that I would have to tell it to use a different datasource for the
>> entity UserLogin?
>>
>> I haven't found that specific place yet, but hopefully that shouldn't
>> be that difficult.
>>
>> But browsing pre-defined datasources in entityengine.xml, I did not
>> find anything which looked like LDAP to me. So I wonder: Are
>> delegators tied to SQL databases and JDBC? Or to something which has
>> to have a relational structure? (LDAP can be mapped into a relational
>> structure, but as we know, it's not relational by default.)
>>
>> Would I have to code a new implementation of a Delegator to talk to
>> an LDAP server? Or would there be a way to achieve this just through
>> configuration?
>>
>> Also I haven't yet found the place where datasources, delegators and
>> entities are connected.
>>
>> Can this be done at all at reasonable effort?
>>
>> I am thinking of implementing my own replacement for LoginServices as
>> an alternative. That would for example allow to check for container
>> based authentication (getUserPrincial()). But that would just manage
>> logins. I would loose the chance to create new users through OFBiz,
>> wouldn't I?
>>
>> Any comments or pointers to specific documents are welcome.
>>
>> Regards,
>> Torsten
>
>
