On 11/19/2010 4:41 AM, Emmanuel Lecharny wrote:
> Hi guys,
>
> yesterday, we had an interesting convo with Antoine, about the
> definition of a dedicated Authenticator, and how to configure it.
>
> First, the Authenticator interface can be implemented but it's
> probably a better idea to extend the AbstractAuthenticator, as it
> brings some references to teh underlying DirectoryService for free,
> plus some default implementations to init and dispose the
> Authenticator. One thing to take care of is the PasswordPolicy which
> can be enabled or disabled. We have to determinate the best way to
> deal with this service.
Thanks, will extend AbstractAuthenticator then.
>
> Another aspect is the Authenticator configuration : how to inject it
> and have it available when the server is stopped and restarted? The
> solution is probably to extend the existing configuration, which is
> based on the DIT. That means defining a specific Bean, plus the
> associated OC and AT. We have to think about it, and I would suggest
> we try to write a prototype that demonstrates the way to extend the
> configuration. It has to be documented, as the Authenticator is an
> extension point.
I need to configure at least the host and the port to which the
delegation happens. The class name of the new authenticator will be
org.apache.directory.server.core.authn.DelegatingAuthenticator.My DN
where I work is CN=Antoine Lambert, OU=132, OU=Users, OU=NYCSite,
DC=nyc,DC=com.
Maybe the DelegatingAuthenticator could work optionally with DN patterns.
>
> I'm pretty sure it's not such a big deal, but we need time, and we
> have littel :) I would suggest we follow closely Antoine's effort and
> try to leverage what he is doing to improve the server *and* the
> documentation...
>
> Thanks !
>
Thanks too,
Antoine
|