directory-dev mailing list archives

From Antoine Levy-Lambert <anto...@gmx.de>
Subject Delegation of Authentication
Date Tue, 16 Nov 2010 16:24:51 GMT
Hi,

I am going to start today writing an implementation of the delegation of
authentication. Once I have written something that works, I will
attach my code to JIRA [1].

I plan to use the JNDIRealm [2] [3] of Tomcat as a reference to know how
to configure and implement the delegation of authentication.

Funny, I thought that perhaps there was a magic LDAP API to know whether 
a password is valid and it turns out that JNDIRealm actually binds the 
user to the target LDAP server to find out whether his/her credentials 
are valid.

What would be the steps to implement this? I guess I should start by
listing the attributes needed to do this delegation of authentication,
then create a new object class in the adsconfig schema, for instance
adsAuthDelegation, and the corresponding attribute types, for instance
adsAuthDelegationURL.

Then write a new bean class to hold the connection parameters for the 
delegation of authentication.

Does the adsAuthDelegation fit in the DIT under adsLdapServer?


Regards,

Antoine


[1] https://issues.apache.org/jira/browse/DIRSERVER-1422

[2] http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm

[3] https://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
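
The bind-based credential check mentioned in the message, as an added example that is not part of the original message and is not code from Tomcat or ApacheDS. It uses plain JNDI; the class name `BindAuthExample`, the DN pattern, and the host `ldap.example.com` are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

/** Hypothetical helper: verify a password by binding to a delegate LDAP server. */
public class BindAuthExample {

    /** Builds the bind DN from a pattern such as "uid={0},ou=people,dc=example,dc=com". */
    static String userDn(String pattern, String username) {
        // Escape DN special characters so the username cannot change the DN structure.
        return pattern.replace("{0}", Rdn.escapeValue(username));
    }

    /** True only if the server accepts a simple bind; connection errors propagate as failures. */
    static boolean authenticate(String url, String dn, String password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2)
        // that many servers accept, so it must never be treated as a successful login.
        if (dn == null || dn.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind to the delegate server happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password or unknown DN
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed input: a username that tries to smuggle in an extra RDN.
        String dn = userDn("uid={0},ou=people,dc=example,dc=com", "alice,ou=admins");
        System.out.println(dn);
        // Rejected locally, before any network traffic, because the password is empty.
        System.out.println(authenticate("ldaps://ldap.example.com:636", dn, ""));
        // Optional live check: java BindAuthExample <ldap-url> <password>
        if (args.length == 2) System.out.println(authenticate(args[0], dn, args[1]));
    }
}
```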
