Hi Richard,
The essence of the problem that I'm trying to solve is that we use a
third-party product that can either use its own database for storing
credentials and user roles OR it can talk to an external provider via its
built-in LDAP (v3) client. Company security policy dictates that it must
utilize the corporate "customer LDAP", but because of the believed need for
additional controls, this LDAP can be accessed only through a specific
[java] API. So, my not-fully-baked idea was that I could set up Apache DS
and point the 3rd-party product at it, and then add a custom authenticator
which invoked the supplied API when the bind request was processed by Apache
DS.

It is certainly possible. Take a look at the various authenticators present
under the package org.apache.directory.server.core.authn.
You need to write a custom authenticator and inject it in the server.xml,
replacing the <authenticationInterceptor/> tag:

<authenticationInterceptor>
  <authenticators>
    <!-- this authenticators property takes Set<Authenticator> -->
    <set>
      <bean id="myAuthenticator" class="my.auth.class.name">
      </bean>
    </set>
  </authenticators>
</authenticationInterceptor>

PS: I am no Spring expert, so please double-check setting the value of
<authenticators> using Spring.
HTH
Kiran Ayyagari