directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: Using Apache ds in a web application - user names, passwords
Date Tue, 22 May 2007 08:26:13 GMT
Hi Ceren,

in the code you pasted at the end of you rmail, you are using the
administrator to connect to the server. Even if this is perfectly legal, I
would not recommand to allow users to do so, as they will gain full control
over the server, and then delete some vital information.

The best solution would be to create a place in the DIT where you store the
users, with their password, and ask them to authenticate with those
informations.

I will recommend you read the following page :
http://directory.apache.org/apacheds/1.0/31-authentication-options.html

where this authentication is described.

I hope this is enough for your need, otherwise, please feel free to post a
new mail for more accurate informations.

Thanks for using Apache Directory Server !

Emmanuel

On 5/22/07, Ceren KOKSAL <cerenkoksal@gmail.com> wrote:
>
>
>
> ---------- Forwarded message ----------
> From: Ceren KOKSAL <cerenkoksal@gmail.com>
> Date: May 22, 2007 1:05 AM
> Subject: Using Apache ds in a web application - user names, passwords
> To: dev@directory.apache.org
>
> Hi
>
> I m using Apache ds 1.5 and trying to develop a web application.I imported
> a uddi schema to Apache ds, I created this schema, based on rfc 4403.
> My problem about the application is that, users will log on the apache ds
> by a web application using a web browser.Then they will add and search web
> services definitions, it will work as a web services registry.In java
> code, while connecting to the server, I'm using below code sample.Userswill have user
names and
> passwords.How they will connect to the apache ds, using their own user
> names and passwords? Will it be like that, I'll connect to apache ds using
> the sample code below.And then I'll take the user's password and user name
> , I'll check if they are right or not.If right, I'll give permission to
> make operations on directory.If not, I will not .Or will the users connect
> to the directory server with their own user names and passwords without
> using the below code and the below security options?I hope my question is
> clear:) Thanks a lot..
>
> env.put(Context.
> *INITIAL_CONTEXT_FACTORY*, "com.sun.jndi.ldap.LdapCtxFactory" );
>
> env.put(Context.
> *PROVIDER_URL*, "ldap://localhost:10389/ou=system" );
>
> env.put(Context.
> *SECURITY_AUTHENTICATION*, "simple");
>
> env.put(Context.
> *SECURITY_PRINCIPAL*, "uid=admin,ou=system");
>
> env.put(Context.
> *SECURITY_CREDENTIALS*, "secret");
>



-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message