I'm going to second Jason's opinion. In our site authentication, we use the LDAP transformer, but only to extract the publicly available attributes for a given user (user cn, group membership, etc). The actual authentication is done with Java code called by a flowscript.
This works pretty well because the authentication method call returns a simple boolean and thus hides whatever complexity we may have in the LDAP setup. Stan Dyck On Sat, 2006-04-29 at 11:50 -0600, Jason Johnston wrote: > Sanket Pattekar wrote: > > Hi > > > > I have a user login page which has a user name and password implemeted > > using cocoon CForm. > > > > I problem is to authenticate this user's entered credentials against a > > LDAP server. As I understand there are 2 approaches we can follow > > > > 1. Use cocoons LDAP Transformer. > > 2. Use custom java-script code to do the authentication using flowscript. > > > > I do not have any knowledge about the LDAP Transformer, as to how it > > works, but going by the documentation, the LDAP Transformer just > > executes the LDAP query file. But there is lot more to do once I get > > the result from LDAP Transformer. I need to store some values in to > > the session(This I am doing using flowscript), if ldap authentication > > is successful, redirect to some page, or else show some error and > > redirect to the login page and lot more. > > > > All these can be easily done in the second approach, but this involves > > writing lot of java code for authentication. > > > > My question is WHICH IS THE BEST APPROACH TO DO LDAP AUTHENTICATION, > > using LDAP Transformer or using custom built java-script code > > My personal preference would be to stay within the flow control layer, > and implement your LDAP query as a Javascript function or a Java method > that returns a boolean. I think the LDAPTransformer is probably a good > tool for getting LDAP data into a pipeline for publishing purposes, but > IMO not the right tool for your job. > > If you use an existing Java LDAP library then the code you have to write > to perform the query should be minimal. > > Just my 2 cents. > --Jason > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
