Hi,

We managed to get a custom authenticator and it works as expected now. Thanks for the help.

It seems we also need to mimic the lookup operation. Doing this with an interceptor resulted in an error message about a missing entry. We found out that we need to implement a custom partition [1]. ADStudio created a JDBM based partition, so it seems we need to change the implementation details in the configuration file. However, we can't seem to find any existing examples of how to do this with the new configuration format.

Any pointer to some existing config example about how to specify our own partition would be appreciated.

Regards,
Hristo Iliev

-----Original Message-----
From: Kiran Ayyagari [mailto:[email protected]]
Sent: Tuesday, December 16, 2014 1:16 AM
To: [email protected]
Subject: Re: 2.0.0-M19 as LDAP wrapper/proxy

On Mon, Dec 15, 2014 at 10:12 PM, Iliev, Hristo <[email protected]> wrote:
>
> Hi,
>
> We want to integrate Cloud Foundry UAA (#1) with authentication systems
> not supporting LDAP natively. To do this we want to use ApacheDS 2.0.0-M19
> as a protocol translator that accepts LDAP requests and delegates
> authentication requests to our own backend.
>
> To do this we want to use a client that talks to Apache DS with search &
> bind or simple bind. The user and password used for the bind should then be
> forwarded to our backend like this: Client -----> Apache DS -----> Backend
>
> We tried to use Interceptors as described in the documentation (#2), but
> we found out that lookup does not have information about the password (nor
> an entry in the LookupOperationContext), so this seems a dead end.
>

The credential information will only be present in BindOperationContext. What you need here is a delegating authenticator. Take a look at the existing DelegatingAuthenticator [1]; this is used for LDAP->LDAP authentication but should help you in modeling yours.

[1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java

>
> Can someone recommend the best way to implement a protocol
> translator/proxy/wrapper with Apache DS 2.0.0? Should we use
> RequestHandlers instead?
>
> Regards,
> Hristo Iliev
>
> 1: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md
> 2: https://cwiki.apache.org/confluence/display/DIRxSRVx11/6.2.+Implementing+a+simple+custom+Interceptor
>

--
Kiran Ayyagari
http://keydap.com
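
The delegating-authenticator approach recommended in the reply above, as an added sketch that is not part of the original thread and is not ApacheDS project code. `BackendClient` and `BackendDelegatingAuthenticator` are hypothetical names; the ApacheDS types and signatures are assumed to match the 2.0.0-M19 API used by the referenced `DelegatingAuthenticator`.

```java
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.authn.AbstractAuthenticator;

/** Hypothetical client for the non-LDAP backend; not an ApacheDS type. */
interface BackendClient {
    boolean verify(String bindDn, byte[] password) throws Exception;
}

public class BackendDelegatingAuthenticator extends AbstractAuthenticator {
    private final BackendClient backend;

    public BackendDelegatingAuthenticator(BackendClient backend) {
        super(AuthenticationLevel.SIMPLE);
        this.backend = backend;
    }

    @Override
    public LdapPrincipal authenticate(BindOperationContext bindContext)
            throws LdapAuthenticationException {
        String bindDn = bindContext.getDn().getName();
        byte[] credentials = bindContext.getCredentials();

        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2). Reject it before it reaches the backend.
        if (bindDn.isEmpty() || credentials == null || credentials.length == 0) {
            throw new LdapAuthenticationException("Invalid credentials");
        }

        boolean accepted;
        try {
            accepted = backend.verify(bindDn, credentials);
        } catch (Exception e) {
            // Fail closed: a backend error or outage must never yield a bind.
            throw new LdapAuthenticationException("Authentication backend unavailable");
        }

        if (!accepted) {
            // Same message for unknown user and wrong password; credentials
            // are never logged or echoed back.
            throw new LdapAuthenticationException("Invalid credentials");
        }

        // Three-argument constructor: the principal does not retain the password.
        return new LdapPrincipal(getDirectoryService().getSchemaManager(),
                bindContext.getDn(), AuthenticationLevel.SIMPLE);
    }
}
```

The bind DN is passed to the backend unchanged; mapping it to the backend's own user identifier is left to the `BackendClient` implementation.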
