directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: 2.0.0-M19 as LDAP wrapper/proxy
Date Mon, 15 Dec 2014 23:15:46 GMT
On Mon, Dec 15, 2014 at 10:12 PM, Iliev, Hristo <hristo.iliev@sap.com>
wrote:
>
> Hi,
>
> We want to integrate Cloud Foundry UAA (#1) with authentication systems
> not supporting LDAP natively. To do this we want to use ApacheDS 2.0.0-M19
> as a protocol translator that accepts LDAP requests and delegates
> authentication requests to our own backend.
>
> To do this we want to use a client that talks to Apache DS with search &
> bind or simple bind. The user and password used for the bind should then be
> forwarded to our backend like this: Client -----> Apache DS -----> Backend
>
> We tried to use Interceptors as described in the documentation (#2), but
> we found out that lookup does not have information about the password (nor
> entry in the LookupOperationContext), so this seems a dead end.
>
The credential information will only be present in BindOperationContext.
What you need here is a delegating authenticator; take a look at the
existing DelegatingAuthenticator[1].
This is used for LDAP->LDAP authentication but should help you in modeling
yours.

[1]
http://svn.apache.org/repos/asf/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java

>
> Can someone recommend the best way to implement protocol
> translator/proxy/wrapper with Apache DS 2.0.0? Should we use
> RequestHandlers instead?
>
> Regards,
> Hristo Iliev
>
> 1: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md
> 2:
> https://cwiki.apache.org/confluence/display/DIRxSRVx11/6.2.+Implementing+a+simple+custom+Interceptor
>
>

-- 
Kiran Ayyagari
http://keydap.com
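
An authenticator of the kind the reply points to, as an added example that is not part of the original message and is not ApacheDS project code: it reads the bind DN and password from BindOperationContext and hands them to a non-LDAP backend. The class name and the `BackendClient` interface with its `verify()` method are hypothetical; the ApacheDS class names and signatures are assumed to match the 2.0.0-M19 API, and registering the authenticator with the server is not shown.

```java
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.authn.AbstractAuthenticator;

// Added example: class name and BackendClient are hypothetical, not part of ApacheDS.
public class BackendDelegatingAuthenticator extends AbstractAuthenticator {

    /** Hypothetical adapter for the non-LDAP backend; returns true only for a verified login. */
    public interface BackendClient {
        boolean verify(String userDn, byte[] password) throws Exception;
    }

    private final BackendClient backend;

    public BackendDelegatingAuthenticator(BackendClient backend) {
        super(AuthenticationLevel.SIMPLE); // this authenticator serves simple binds only
        this.backend = backend;
    }

    @Override
    public LdapPrincipal authenticate(BindOperationContext bindContext) throws LdapException {
        Dn dn = bindContext.getDn();
        byte[] credentials = bindContext.getCredentials(); // only the bind context carries the password

        // A DN with an empty password is an "unauthenticated bind": reject it here
        // so it is never forwarded to, or accepted by, the backend.
        if (dn == null || dn.isEmpty() || credentials == null || credentials.length == 0) {
            throw new LdapAuthenticationException("Invalid credentials");
        }

        boolean verified;
        try {
            verified = backend.verify(dn.getName(), credentials);
        } catch (Exception e) {
            // Fail closed: a backend outage or error must never turn into a successful bind.
            // The password is not logged and is not included in the error message.
            throw new LdapAuthenticationException("Authentication backend unavailable");
        }
        if (!verified) {
            throw new LdapAuthenticationException("Invalid credentials");
        }

        // The principal is built without the password so the server does not retain it.
        return new LdapPrincipal(getDirectoryService().getSchemaManager(), dn,
                AuthenticationLevel.SIMPLE);
    }
}
```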
