Thanks Tomas, It works well. I guess you should put this info in the wiki soon :-)
Good job. Regards, Prabesh Bhaskaran. Tomas Reverter wrote: > > > Prabeshb wrote: >> >> Hi, >> I was trying to integrate the LDAP with the appfuse code. I have the JSF >> archtype project and was trying to add the LDAP. I tired the tutorial >> which is under the location >> http://appfuse.org/display/APF/LDAP+Authentication but that does not >> seems to be working. The document is based on the acegi security and >> appfuse 1.9. Is there any document/tutorial for appfuse 2.0 and spring >> security? >> >> Please share if there is any information regarding the LDAP integration >> with Appfuse2.0 >> >> Looking forward for an early reply. >> >> Regards, >> Prabesh >> >> > > Hi, > > Last week I configured Spring Security to connect to LDAP server. > Basically 2 parts: configure dependencies and security.xml. > > In your pom.xml, add the dependencies: > <dependencies> > ... > <dependency> > <groupId>org.springframework.ldap</groupId> > <artifactId>spring-ldap-core</artifactId> > <version>${spring.ldap.version}</version> > </dependency> > <dependency> > <groupId>org.springframework.ldap</groupId> > <artifactId>spring-ldap-core-tiger</artifactId> > <version>${spring.ldap.version}</version> > </dependency> > ... > </dependencies> > The steps in the security.xml file are: > * Turn off the default password encoder > > <!-- > <authentication-provider user-service-ref="userDao"> > <password-encoder ref="passwordEncoder"/> > </authentication-provider> > --> > > * Configure the ldap server > > <ldap-server id="ldapServer" > url="ldap://localhost:389/dc=example,dc=com"; > manager-dn="cn=Manager,dc=example,dc=com" manager-password="pass"/> > > If you don't specify the manager-dn and manager-password the connection > will be anonymous. > > * Configure the binding procedure (how ldap will do the autentication) and > the populate procedure (how ldap will do the autorization, with this > configuration you need to have a cn property in the LDAP to map the > correct roles inside the application). > > <beans:bean id="userSearch" > > class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> > <beans:constructor-arg index="0" value=""/> > <beans:constructor-arg index="1" value="(uid={0})"/> > <beans:constructor-arg index="2" ref="ldapServer" /> > </beans:bean> > > <beans:bean id="ldapAuthenticationProvider" > > class="org.springframework.security.providers.ldap.LdapAuthenticationProvider" > autowire="default"> > <custom-authentication-provider/> > <beans:constructor-arg> > <beans:bean > class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> > <beans:constructor-arg ref="ldapServer"/> > <beans:property name="userDnPatterns"> > > <beans:list><beans:value>uid={0},ou=People</beans:value></beans:list> > </beans:property> > <beans:property name="userSearch" ref="userSearch"/> > </beans:bean> > </beans:constructor-arg> > <beans:constructor-arg> > <beans:bean > class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator"> > <beans:constructor-arg ref="ldapServer"/> > <beans:constructor-arg value="ou=People"/> > <beans:property name="groupRoleAttribute" value="cn"/> > <!-- <beans:property name="groupSearchFilter" > value="(objectClass=*)"/> --> > </beans:bean> > </beans:constructor-arg> > </beans:bean> > > You can create your custom Populator, in case of you want to have the > mapping logic about what role have one user. > > And that's all! > > And one recommendation, you can configure the log4j.xml file to see what's > happening in the spring security environment: > > <logger name="org.springframework.security"> > <level value="DEBUG"/> > </logger> > > <logger name="org.springframework.ldap"> > <level value="DEBUG"/> > </logger> > > I want to write this, and some other brief tutorials, on the AppFuse > wiki... Soon :-) > > Regards, > -- View this message in context: http://www.nabble.com/LDAP-integration-with-Appfuse2.0-tp24075028s2369p24167432.html Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net For additional commands, e-mail: users-h...@appfuse.dev.java.net
