directory-users mailing list archives

From Richard Scott <gr8da...@gmail.com>
Subject Query re: installing custom authenticator
Date Wed, 06 Jan 2010 21:39:01 GMT
The documentation in the (1.5) Advanced User's Guide in section 2.4 for
"Writing a custom authenticator" asserts it is both out-of-date and that the
example configuration isn't correct.  I am certainly hoping that only means
the documentation isn't up-to-date rather than meaning it currently can't be
done.  If it can be done, can some knowledgeable person please provide some
hints of what needs to be done?  Here is my specific quandary, and how I
naively thought I might circumvent it.

The essence of the problem that I'm trying to solve is that we use a
third-party product that can either use its own database for storing
credentials and user roles OR it can talk to an external provider via its
built-in LDAP (v3) client.  Company security policy dictates that it must
utilize the corporate "customer LDAP", but because of the believed need for
additional controls, this LDAP can be accessed only through a specific
[java] API.  So, my not-fully-baked idea was that I could set up Apache DS
and point the 3rd-party product at it, and then add a custom authenticator
which invoked the supplied API when the bind request was processed by Apache
DS.

If that doesn't sound too unreasonable, in the absence of current
documentation, can some kind soul suggest what the simplest approach to
accomplish that might be (including what to add to the server.xml file and
where it belongs)?  A simplification is that no search results are needed;
that is, all I need is a "pass/fail" on the authentication as this mechanism
will be used only for a specific "class" of users all of whom have the same
roles associated with their credentials.  Thus, I am hoping that I'm not
being overly optimistic in thinking it's just a simple bind which can either
succeed or barf.

All shared wisdom is greatly appreciated!

Richard

-- 
Outside of a dog, a book is man's best friend; inside of a dog, it's too
dark to read - Mark Twain
