geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hernan Cunico <hcun...@gmail.com>
Subject Re: Who understands the LDAP login module?
Date Mon, 21 Nov 2005 16:07:59 GMT
Aaron,
these parameters are discussed in the "Security -> Available Login 
Modules" section on the confluence site, here is the link:

http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Available+login+modules

This section is not finished yet but you should still find there what 
you need.

Cheers!
Hernan

Aaron Mulder wrote:
> Well, that's a start, but it doesn't actually explain what any of the
> LDAP login module options are -- it only tells you what to set them to
> if you want to connect to the sample.  I'd like to come up with a
> meaningful text description of each option:
> 
> initialContextFactory
> connectionURL
> connectionUsername
> connectionPassword
> connectionProtocol
> authentication
> userBase
> userSearchMatching
> userSearchSubtree
> roleBase
> roleName
> roleSearchMatching
> roleSearchSubtree
> userRoleName
> 
> I have a vague idea of some of them from hacking around with this kind
> of stuff before -- but for the most part, I probably coun't explain it
> well.  But even for nominally straightforward ones like connect
> username and password -- does the provided account need to be an LDAP
> administrator?  Do I understand right that the realm will attempt to
> bind to LDAP as the user to verify their password?  If so, why do you
> need the admin account and search params, why not just connect as the
> user and if it works look up their groups?
> 
> Thanks,
>    Aaron
> 
> On 11/20/05, Jeff Genender <jgenender@apache.org> wrote:
> 
>>Looks like Hernan put together a really nice tutorial on Geronimo with
>>the LDAp login module and Apache Directory.
>>
>>http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
>>
>>Aaron Mulder wrote:
>>
>>>It has like 14 parameters -- if I could get some help figuring out
>>>what all of those mean, and maybe some samples for hooking it up to
>>>OpenLDAP, Sun LDAP, and Active Directory LDAP, that would be
>>>outstanding.
>>>
>>>Thanks,
>>>    Aaron
>>>
>>>http://svn.apache.org/viewcvs.cgi/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/LDAPLoginModule.java?rev=345629&view=markup
>>
> 

Mime
View raw message