cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rod Giffin" <...@giffinscientific.com>
Subject Re: LDAP authentification with username and password
Date Thu, 20 Nov 2003 14:18:49 GMT
Stephanie Zohner said:
> Hi,
>
> I make use of the LDAP transformer for authentification in my web
> application.
>
> When I understood the documentation right then Authentification requires
> 2 steps:
>
> 1. get all necessary user data (username & password) from all users in
> LDAP 2. Compare the username/password provided with the login with all
> data sets retrieved from LDAP, if there is a match, the authenfification
> was successful.
>
> Is that right?
>
> Here's my problem then.
>
> I can retrieve both, username and password, but how can I compare the
> passwords. The password retrieved from LDAP is encrypted. So in order to
> compare
> them, I need to encrypt the password on Cocoon side with the same
> algoithm, right.
> Where do I get the encryption algorithm from?

Hi Stephanie, I'm afraid you have some reading to do.  This is a very big
issue that can't really be handled by e-mail. You do not have to encrypt
the password on the Cocoon side, in fact you shouldn't. What you should do
instead is let the LDAP server authenticate your user based on the
information you pass.  You'll need an API to do this.  At the moment the
best choice is the JLDAP api available from Novell.

http://developer.novell.com/ndk/ldap-index.htm.

There are code examples as well, so you can see how things are done, but I
suggest reading the documentation quite carefully.

Rod.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message