Hi Michele,

I am not an AD specialist, but did you try using class LDAPUser instead
of ActiveDirectoryUser? The only difference is that ActiveDirectoryUser
uses as its binding

        CN= givenName lastName,..,

while the other just uses (configurable attribute name)
CN=username, .. .

where username is probably sAMAccountName (change configuration in
TurbineResources.properties to
services.SecurityService.user.class=org.apache.turbine.services.security.ldap.LDAPUser
) ?

-Best regards, Georg



                                                                                
                                                             
  From:       "Rabanal, Michele R." <[email protected]>
  To:         "[email protected]" <[email protected]>,
  Date:       26.08.2013 13:36
  Subject:    Active Directory Authentication

I am trying to change my Turbine 2.3.3 application (running under
Tomcat) to use AD for authentication.  I understand that this is a
2-step process:
1) search by username (I use SAMAccount)
2) Bind or authenticate using the DN and password.

The search by SAMAccount is successful (I can verify this in trace
data), but the authentication by DN is not.  What appears to be
happening is that Turbine is building the CN from the first and last
names on the AD record.  In AD it appears that the CN varies; it could
be first name/last name, first name/last name/middle initial, etc.  My
question: why doesn't Turbine pull the CN off the AD record for the user
object instead of building it from first/last name?  Is there any way to
make this work?

Thanks!
Michele
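
The two-step process discussed in this thread, as an added example that is not part of the original e-mails and is not Turbine code: it binds with the DN returned by the sAMAccountName search and compares that with a DN built from first and last name. The directory, base DN, accounts and function names are constructed for illustration, and the in-memory dictionary stands in for a real LDAP server.

```python
# Added illustration: search-then-bind against a constructed in-memory directory.
# BASE, DIRECTORY and all entries are made-up sample data, not a real AD.
BASE = "OU=Staff,DC=example,DC=com"
DIRECTORY = {  # DN -> attributes; "password" stands in for the server-side credential
    f"CN=Ann B. Lee,{BASE}": {"sAMAccountName": "alee", "givenName": "Ann",
                              "sn": "Lee", "password": "s3cret-A"},
    f"CN=Raj Patel,{BASE}": {"sAMAccountName": "rpatel", "givenName": "Raj",
                             "sn": "Patel", "password": "s3cret-R"},
}


def search_dn(username):
    """Step 1: DN of the single entry whose sAMAccountName matches, else None."""
    hits = [dn for dn, attrs in DIRECTORY.items()
            if attrs["sAMAccountName"].lower() == username.lower()]
    return hits[0] if len(hits) == 1 else None  # none or ambiguous: refuse


def constructed_dn(username):
    """Behaviour described in the thread: CN built from first and last name."""
    for attrs in DIRECTORY.values():
        if attrs["sAMAccountName"].lower() == username.lower():
            return f"CN={attrs['givenName']} {attrs['sn']},{BASE}"
    return None


def simple_bind(dn, password):
    """Step 2 stand-in: succeeds only for an existing DN with its password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password


def authenticate(username, password, dn_source=search_dn):
    # Reject empty credentials before binding: RFC 4513 defines a simple bind
    # with a DN and an empty password as an unauthenticated bind, which a
    # server may accept, so a "successful" bind would prove nothing.
    if not username or not password:
        return False
    dn = dn_source(username)
    return dn is not None and simple_bind(dn, password)


if __name__ == "__main__":
    for source in (constructed_dn, search_dn):
        ok = authenticate("alee", "s3cret-A", dn_source=source)
        print(f"{source.__name__:15} -> {source('alee')!r}: bind ok = {ok}")
```
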



