directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: 2.0.0-M19 as LDAP wrapper/proxy
Date Wed, 17 Dec 2014 13:47:23 GMT
On Wed, Dec 17, 2014 at 9:19 PM, Iliev, Hristo <hristo.iliev@sap.com> wrote:
>
> Hi,
>
> We managed to get a custom authenticator and it works as expected now.
> Thanks for the help.
>
> It seems we also need to mimic the lookup operation. Doing this with
> interceptor resulted in error message about missing entry.
>
most likely due to the order of your interceptor in the chain, at what
number did you place your interceptor?

> We found out that we need to implement custom partition [1]. ADStudio
> created a JDBM based partition, so it seems we need to change the
> implementation details into the configuration file.
>
the easiest way to solve your case is to use an interceptor, currently
there is no easy way to inject your custom partition unless you use
ApacheDS in embedded mode.

> However we can't seem to find any existing examples on how to do this with
> the new configuration format. Any pointer to some existing config example
> about how to specify our own partition would be appreciated.
>
> Regards,
> Hristo Iliev
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Tuesday, December 16, 2014 1:16 AM
> To: users@directory.apache.org
> Subject: Re: 2.0.0-M19 as LDAP wrapper/proxy
>
> On Mon, Dec 15, 2014 at 10:12 PM, Iliev, Hristo <hristo.iliev@sap.com>
> wrote:
> >
> > Hi,
> >
> > We want to integrate Cloud Foundry UAA (#1) with authentication systems
> > not supporting LDAP natively. To do this we want to use ApacheDS 2.0.0-M19
> > as protocol translator that accepts LDAP requests and delegates
> > authentication requests to our own backend.
> >
> > To do this we want to use client that talks to Apache DS with search &
> > bind or simple bind. The used user and password for the bind should then be
> > forwarded to our backend like this: Client -----> Apache DS -----> Backend
> >
> > We tried to use Interceptors as described in the documentation (#2), but
> > we found out that lookup does not have information about the password (nor
> > entry in the LookupOperationContext), so this seems as dead-end.
> >
> the credential information will only be present in BindOperationContext
> what you need here is a delegating authenticator, take a look at the
> existing DelegatingAuthenticator[1]
> this is used for LDAP->LDAP authentication but should help you in modeling
> yours
>
> [1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
>
> >
> > Can someone recommend the best way to implement protocol
> > translator/proxy/wrapper with Apache DS 2.0.0? Should we use
> > RequestHandlers instead?
> >
> > Regards,
> > Hristo Iliev
> >
> > 1: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md
> > 2: https://cwiki.apache.org/confluence/display/DIRxSRVx11/6.2.+Implementing+a+simple+custom+Interceptor
> >
> >
>
> --
> Kiran Ayyagari
> http://keydap.com
>


-- 
Kiran Ayyagari
http://keydap.com
