directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antoine Levy-Lambert <>
Subject Delegation of Authentication
Date Tue, 16 Nov 2010 16:24:51 GMT

I am going to start today writing an implementation of the delegation of 
authentication. Once I will have written something that works I will 
attach my code to JIRA [1].

I plan to use the JNDIRealm [2] [3] of tomcat as a reference to know how 
to configure and implement the delegation of authentication.

Funny, I thought that perhaps there was a magic LDAP API to know whether 
a password is valid and it turns out that JNDIRealm actually binds the 
user to the target LDAP server to find out whether his/her credentials 
are valid.

What would be the steps to implement this ? I guess I should start by 
listing the attributes needed to do this delegation of authentication, 
then create a new object class in the adsconfig schema, for instance 
adsAuthDelegation and the corresponding attribute types for instance 

Then write a new bean class to hold the connection parameters for the 
delegation of authentication.

Does the adsAuthDelegation fit in the DIT under adsLdapServer ?






View raw message