directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hammond, Steven" <Steven.Hamm...@Polycom.com>
Subject RE: Passthrough authentication with Apache Directory Server
Date Wed, 17 Nov 2010 20:03:35 GMT
I cannot contribute the code, but I can describe the basic use

When initializing the ApacheDS server, which we did in code, not in a config file:
      NtlmMechanismHandler ntlmMechanismHandler = new NtlmMechanismHandler();
      ntlmMechanismHandler.setNtlmProvider(new JcifsNtlmProvider());

      ldapServer.removeSaslMechanismHandler(SupportedSaslMechanisms.NTLM);
      ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.NTLM, ntlmMechanismHandler);
      ldapServer.removeSaslMechanismHandler(SupportedSaslMechanisms.GSS_SPNEGO);
      ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.GSS_SPNEGO, ntlmMechanismHandler);


Then in generateChallenge we created a Type2Message message from the type1 bytes using JCIFS
Getting the serverNonce from code like http://www.jarvana.com/jarvana/view/com/liferay/portal/portal-impl/6.0.3/portal-impl-6.0.3-sources.jar!/com/liferay/portal/security/ntlm/NetlogonConnection.java?format=ok


Then authenticate uses code similar the logon function in http://www.jarvana.com/jarvana/view/com/liferay/portal/portal-impl/6.0.2/portal-impl-6.0.2-sources.jar!/com/liferay/portal/security/ntlm/Netlogon.java?format=ok


-----Original Message-----
From: Antoine Levy-Lambert [mailto:antoine@gmx.de] 
Sent: Friday, November 12, 2010 6:17 AM
To: users@directory.apache.org
Subject: Re: Passthrough authentication with Apache Directory Server

  Hi,

I would also be interested to see (and reuse) this code.

Regards,

Antoine

On 11/12/2010 4:44 AM, Kiran Ayyagari wrote:
> hi Steven,
>
> On Fri, Nov 12, 2010 at 10:24 AM, Hammond, Steven
> <Steven.Hammond@polycom.com>  wrote:
>> It is kindof implemented.  We are using it with 1.5.3, but we had to write our own
JcifsNtlmInterceptor
> Is there any chance that you (with your organization) would consider
> to contribute this code to ApacheDS?
>
> Kiran Ayyagari


Mime
View raw message