Some authz stuff would be great too, but I'd have to think on how to do that in a generic manner.
On 03/31/2011 04:43 PM, Les Hazlewood wrote:
> Great feedback - thanks Jared.
>
> Les
>
> On Thu, Mar 31, 2011 at 2:29 PM, Jared Bunting
> <[email protected]> wrote:
>> Basically.
>>
>> Also a "userLookupQuery" as an alternative to "userDnTemplate". I'd be
>> happy to write the patch, but unfortunately my current work environment
>> doesn't provide me the opportunity to test LDAP authentication. So, I'll
>> write it if someone else can test it.
>>
>> Thanks,
>> Jared
>>
>> On 03/31/2011 04:26 PM, Les Hazlewood wrote:
>>> So you mean a 'connectionUserDn' and a 'connectionPassword' to connect
>>> to LDAP to perform ad-hoc queries, and not just the DN format that is
>>> used for authenticating end-users via a bind operation. Correct?
>>>
>>> Thanks,
>>>
>>> Les
>>>
>>> On Thu, Mar 31, 2011 at 2:03 PM, Jared Bunting
>>> <[email protected]> wrote:
>>>> As was mentioned in the other thread, the ability to do a query
>>>> (potentially with a configurable username/password) in order to determine
>>>> the user dn would be enormously useful. This is a fairly standard way to
>>>> do ldap authentication (typically the "username" is an attribute of the
>>>> dn) and shiro should probably support it by default.
>>>>
>>>> Thanks,
>>>> Jared
>>>>
>>>> On 03/31/2011 12:53 PM, Les Hazlewood wrote:
>>>>> Hi folks,
>>>>>
>>>>> The latest LDAP support currently is in the form of the JndiLdapRealm.
>>>>>
>>>>> Unfortunately, this name has confused enough people - often they think
>>>>> they need to be using JNDI in order to use it (this is not the case -
>>>>> the JNDI API itself is used as an implementation strategy, and it does
>>>>> not require that anything be actually stored in JNDI, but that's
>>>>> beside the point).
>>>>>
>>>>> Because of this, there is a Jira issue to rename it to something else
>>>>> for the next release (i.e. deprecate JndiLdapRealm and create a
>>>>> 'DefaultJndiRealm' or something like that). When we do that, we have
>>>>> the opportunity to make it better and/or add features.
>>>>>
>>>>> What is missing from Shiro's LDAP support that you would need in order
>>>>> to use it 'out-of-the-box' with your apps? Ideally I'd like to get as
>>>>> much in there such that subclassing is rarely necessary.
>>>>>
>>>>> All suggestions are welcome!
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Les
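
The lookup-then-bind flow discussed in this thread, sketched with plain JNDI as an added example; it is not Shiro code and not code from any poster. `connectionUserDn`, `connectionPassword` and `userLookupQuery` are the names proposed in the thread, used here as ordinary fields, and the URL, DNs, search base and password are constructed placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SearchThenBind {
    // Hypothetical settings; names follow the thread, values are constructed.
    static String url = "ldap://localhost:389";
    static String connectionUserDn = "cn=lookup,dc=example,dc=com";
    static String connectionPassword = "change-me";
    static String searchBase = "ou=people,dc=example,dc=com";
    static String userLookupQuery = "(uid={0})";

    static InitialDirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String username, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind; reject it here.
        if (password == null || password.isEmpty()) return false;
        InitialDirContext lookup = bind(connectionUserDn, connectionPassword);
        String userDn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // String args substituted for {0} are treated as literals by DirContext.search
            // (filter metacharacters escaped), so the username cannot rewrite the filter.
            NamingEnumeration<SearchResult> r =
                lookup.search(searchBase, userLookupQuery, new Object[] { username }, sc);
            if (!r.hasMore()) return false;             // unknown user
            userDn = r.next().getNameInNamespace();     // full DN of the matched entry
            if (r.hasMore()) return false;              // ambiguous match: fail closed
        } finally { lookup.close(); }
        try {
            bind(userDn, password).close();             // second bind proves the password
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }
}
```

The lookup account only needs read access to the attribute named in the query, and the connection should run over LDAPS or StartTLS since simple binds send the password in the clear.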
