On Mon, Dec 15, 2014 at 10:12 PM, Iliev, Hristo <[email protected]> wrote:

> Hi,
>
> We want to integrate Cloud Foundry UAA (#1) with authentication systems
> not supporting LDAP natively. To do this we want to use ApacheDS 2.0.0-M19
> as protocol translator that accepts LDAP requests and delegates
> authentication requests to our own backend.
>
> To do this we want to use client that talks to Apache DS with search &
> bind or simple bind. The used user and password for the bind should then be
> forwarded to our backend like this: Client -----> Apache DS -----> Backend
>
> We tried to use Interceptors as described in the documentation (#2), but
> we found out that lookup does not have information about the password (nor
> entry in the LookupOperationContext), so this seems as dead-end.

the credential information will only be present in BindOperationContext
what you need here is a delegating authenticator, take a look at the existing
DelegatingAuthenticator[1]
this is used for LDAP->LDAP authentication but should help you in modeling yours

[1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java

> Can someone recommend the best way to implement protocol
> translator/proxy/wrapper with Apache DS 2.0.0? Should we use
> RequestHandlers instead?
>
> Regards,
> Hristo Iliev
>
> 1: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md
> 2: https://cwiki.apache.org/confluence/display/DIRxSRVx11/6.2.+Implementing+a+simple+custom+Interceptor

--
Kiran Ayyagari
http://keydap.com
