directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Delegated Authenti cation
Date Wed, 15 May 2013 09:27:28 GMT
On Wed, May 15, 2013 at 1:43 PM, Emmanuel L├ęcharny <elecharny@gmail.com>wrote:

> Hi guys,
>
> a quick heads up,
>
> I fixed the delegatedAuthentication for basic use cases. We now can have
> a remote LDAP server to authenticate a user which is not present
> locally, assuming the DelegatedAuthenticator is added in the
> authenticator lists.
>
> It's very basic, still.
>
> What remains to be done, and I'm working on it, is to add SSL and
> startTLS so that we cna safely authenticate to a remote server. I will
> have to add some more parameters (like the TrustManager to use), and
> most certainly differentiate SSL from StartTLS.
>
> One more thing to do : determinate when to use the
> DelegatedAuthentication depending on the baseDN (ie, when the user is
> present locally, we may still want to delegate the authn to a remote
> server, and for that, we just expect the authenticator to be called
> based on the user DN). This is slaightly more complicated, but it's
> definitively doable.
>
> just curious why would this be complicated, if the searchBaseDn is already
configured
and the said user entry is below this then the authentication will be
delegated no?

> It was a slow week last week, and I was expecting to get it working way
> faster, but I had many other things to handle.
>
> I don't know much about it, but we call it 'life', I guess ;), np at all,
thanks for the heads up and the consistent effort

> Thanks !
>
> --
> Regards,
> Cordialement,
> Emmanuel L├ęcharny
> www.iktek.com
>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message