ofbiz-user mailing list archives

From "Amine AZZI" <bakht...@gmail.com>
Subject Re: Storing and retrieving users and passwords from LDAP
Date Fri, 02 Mar 2007 19:04:10 GMT
Hello Torsten,

I fell into the same problem. What I did is the integration of an LDAP API and
added a method to LoginServices, and to security.properties.
I send you the patch here (it concerns a CVS diff, unfortunately, but it's so
basic that you can reproduce it).
The API integrated is the one of Mozilla LDAP.
The use is very easy: you set useLDAP to true to use the parametrized LDAP
server, otherwise the party module is used to do authentication.

The privileges configuration remains in the Party Management module.


Amine.

Index: ./securityext/src/org/ofbiz/securityext/login/LoginServices.java
===================================================================
RCS file:
/cvsroot/neogia/ofbizNeogia/applications/securityext/src/org/ofbiz/securityext/login/Attic/LoginServices.java,v
retrieving revision 1.1.1.4
diff -r1.1.1.4 LoginServices.java
27a28,30
> import netscape.ldap.LDAPConnection;
> import netscape.ldap.LDAPException;
>
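Review bot: the two `netscape.ldap` imports make securityext depend on the Mozilla/Netscape LDAP SDK (ldapjdk), a third-party jar that is not in the OFBiz build, and the patch carries no build change or note saying where the jar goes; either add it to the component's lib directory and build file with a line in the cover note, or drop the dependency and use the JDK's own `javax.naming.directory` (JNDI) LDAP provider, which covers connect, bind and search without extra jars.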
147c150,162
<
---
>
>                         //this is useful in case someone wants to have an
ldap authentification
>                         //it also requires that use create connections on
the party manager
>                         boolean useLdap = "true".equals(
UtilProperties.getPropertyValue("security.properties", "login.useLDAP"));
>                         boolean validPass = false;
>                         if (!useLdap) {
>                             validPass = (userLogin.get("currentPassword")
!= null &&
>                                     (realPassword.equals(
userLogin.getString("currentPassword")) ||
>                                             ("true".equals(
UtilProperties.getPropertyValue("security.properties", "
password.accept.encrypted.and.plain")) && password.equals(
userLogin.getString("currentPassword")))));
>                         } else {
>                             validPass = userLoginLdap(ctx, context);
>                         }
>
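Review bot: the comment `//it also requires that use create connections on the party manager` does not say what it means; from the cover note the intent is that the UserLogin and Party records must still be created in Party Manager because only the password check moves to the directory, so write that. Also worth stating in a comment: with `login.useLDAP` true the local `currentPassword != null` check and the `password.accept.encrypted.and.plain` path are never evaluated, so the switch is all-or-nothing for every account (the admin login included) and a directory outage locks everyone out; if that is intended, say so next to the flag in security.properties.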
150,152c165
<                         if ((userLogin.get("currentPassword") != null &&
<
(realPassword.equals(userLogin.getString("currentPassword"))
||
<                                 ("true".equals(
UtilProperties.getPropertyValue("security.properties", "
password.accept.encrypted.and.plain")) && password.equals(
userLogin.getString("currentPassword")))))) {
---
>                         if (validPass) {
769a783,811
>
>     private static boolean userLoginLdap(DispatchContext ctx, Map context)
{
>
>         String host = UtilProperties.getPropertyValue("security.properties",
"ldap.host.name");
>         int port = Integer.parseInt(UtilProperties.getPropertyValue("
security.properties", "ldap.host.port"));
>         int protocol = Integer.parseInt(UtilProperties.getPropertyValue("
security.properties", "ldap.protocol"));;
>
>         String baseDN = UtilProperties.getPropertyValue("
security.properties", "ldap.baseDN");
>         String ldapUser = UtilProperties.getPropertyValue("
security.properties", "ldap.user");
>         String ldapPassword = UtilProperties.getPropertyValue("
security.properties", "ldap.password");
>
>         String username = (String) context.get("login.username");
>         if (username == null) username = (String) context.get("username");
>         String password = (String) context.get("login.password");
>         if (password == null) password = (String) context.get("password");
>
>         LDAPConnection conn = new LDAPConnection();
>         try {
>             conn.connect(host, port, ldapUser, ldapPassword);
>             conn.authenticate(protocol, username, password);
>         } catch ( LDAPException e ) {
>              Debug.logVerbose("Error number: " + e.getLDAPResultCode(),
module)   ;
>              break;
>          }
>              return false;
>         }
>
>         return true;
>     }
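Review bot: userLoginLdap does not compile as posted: the `break;` inside the catch block is outside any loop, and the `}` on the line after `return false;` closes the method early, leaving `return true; }` dangling; the catch should simply log and `return false`. Once that is fixed, `conn.authenticate(protocol, username, password)` takes a distinguished name, but `username` is the raw login name from the form, so the bind fails for everyone unless users type their full DN; `baseDN` is read and never used, which is the missing step: bind as `ldapUser`, search `baseDN` for the single entry whose uid equals `username` (with the value escaped, not concatenated into the filter), then authenticate with the returned DN. Reject a null or empty `password` before the bind as well, since a simple bind with a DN and an empty password is an unauthenticated bind that many directories accept, and call `conn.disconnect()` in a `finally` so the connection is not leaked on every login. Note too that with `ldap.host.port=389` and no TLS option both the service password and every user password cross the network in clear text. Minor: the stray `;;` after the `ldap.protocol` parse.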
Index: ./security/config/security.properties
===================================================================
RCS file:
/cvsroot/neogia/ofbizNeogia/framework/security/config/security.properties,v
retrieving revision 1.1.1.3
diff -r1.1.1.3 security.properties
53a54,64
>
> # --ldap parameters
>
> ldap.host.name=ldapSrv
> ldap.host.port=389
> ldap.baseDN=dc=neogia,dc=org
> ldap.protocol=3
> ldap.user=cn=myUserid,ou=Myou,ou=MyOU2,dc=neogia,dc=org
> ldap.password=myPass
> login.useLDAP=false
>
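Review bot: `ldap.password=myPass` commits a service account password in clear text to a file that ships with the framework; commit the key empty (`ldap.password=`) and document that deployers fill it in, or read it from a file outside the repository. `ldap.protocol=3` is the LDAP protocol version handed to authenticate(), not a transport setting, so nothing in this block lets a deployment turn on LDAPS or StartTLS; add such an option (for example a URL-style setting that accepts `ldaps://`) rather than tying every deployment to plain-text port 389. `login.useLDAP=false` as the default is the right choice.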


2007/3/1, Torsten Schlabach <tschlabach@gmx.net>:
>
> Change or provide an alternative implementation?
>
> If I did either one, would you commit it?
>
> I mean, would that be a "clean" solution?
>
> David E. Jones schrieb:
> >
> > Rather than trying to do this through the entity engine it might be
> > better/easier to just change the userLogin service to look at both
> > sources, and manage conflicts as desired, etc.
> >
> > -David
> >
> >
> > On Feb 28, 2007, at 11:29 AM, Torsten Schlabach wrote:
> >
> >> Hi!
> >>
> >> I think I am about to find my way through OFBiz internals, so
> >> basically I am just asking for confirmation and some little hints.
> >>
> >> What I am trying to do is to read users and their passwords not from
> >> the embedded Derby database but from a given LDAP directory.
> >>
> >> I have taken a look at org.ofbiz.common.login.LoginServices. From
> >> there I find out that it's using a delegator to retrieve the username
> >> and corresponding password through the entity engine.
> >>
> >> Am I right that I would have to configure the entity engine in a way
> >> that it keeps retrieving anything else from where it does today, but
> >> that I would have to tell it to use a different datasource for the
> >> entity UserLogin?
> >>
> >> I haven't found that specific place yet, but hopefully that shouldn't
> >> be that difficult.
> >>
> >> But browsing pre-defined datasources in entityengine.xml, I did not
> >> find anything which looked like LDAP to me. So I wonder: Are
> >> delegators tied to SQL databases and JDBC? Or to something which has
> >> to have a relational structure? (LDAP can be mapped into a relational
> >> structure, but as we know, it's not relational by default.)
> >>
> >> Would I have to code a new implementation of a Delegator to talk to
> >> an LDAP server? Or would there be a way to achieve this just through
> >> configuration?
> >>
> >> Also I haven't yet found the place where datasources, delegators and
> >> entities are connected.
> >>
> >> Can this be done at all at reasonable effort?
> >>
> >> I am thinking of implementing my own replacement for LoginServices as
> >> an alternative. That would for example allow checking for container-
> >> based authentication (getUserPrincipal()). But that would just manage
> >> logins. I would lose the chance to create new users through OFBiz,
> >> wouldn't I?
> >>
> >> Any comments or pointers to specific documents are welcome.
> >>
> >> Regards,
> >> Torsten
> >
> >
>
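
The directory check that Amine's patch sets out to do, written here as an added example for this page (it is neither Amine's code nor part of OFBiz): it uses the JDK's JNDI LDAP provider instead of the Mozilla SDK, refuses empty passwords, resolves the login name to a DN through a search whose argument JNDI escapes, binds as that DN, and closes every connection. The class name, the `ldaps://` URL, the `uid` attribute and the constructor parameters are assumptions; reading the five values from security.properties with UtilProperties.getPropertyValue, as the patch does, is left to the caller.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Added example (not OFBiz code): verify a login name and password against LDAP with JNDI. */
public final class LdapPasswordVerifier {

    private final String url;             // assumed, e.g. "ldaps://ldapSrv:636"
    private final String baseDN;          // e.g. "dc=neogia,dc=org"
    private final String serviceDN;       // read-only account used only for the lookup
    private final String servicePassword;
    private final String uidAttribute;    // assumed, e.g. "uid"; fixed config, never user input

    public LdapPasswordVerifier(String url, String baseDN, String serviceDN,
                                String servicePassword, String uidAttribute) {
        this.url = url;
        this.baseDN = baseDN;
        this.serviceDN = serviceDN;
        this.servicePassword = servicePassword;
        this.uidAttribute = uidAttribute;
    }

    /** True only when a simple bind as the user's own DN succeeds; fails closed on any error. */
    public boolean verify(String username, String password) {
        // An empty password turns a simple bind into an unauthenticated bind, which
        // many directories accept (RFC 4513 section 5.1.2): refuse it before contacting the server.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        String userDN;
        try {
            userDN = resolveDN(username);
        } catch (NamingException e) {
            return false; // directory unreachable or lookup failed
        }
        if (userDN == null) {
            return false; // unknown user, or more than one entry matched
        }
        DirContext userCtx = null;
        try {
            userCtx = bind(userDN, password);
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password
        } catch (NamingException e) {
            return false;
        } finally {
            close(userCtx);
        }
    }

    /** Map the login name to a DN using the service account; null unless exactly one entry matches. */
    private String resolveDN(String username) throws NamingException {
        DirContext ctx = null;
        try {
            ctx = bind(serviceDN, servicePassword);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            // The {0} argument is escaped by JNDI, so a name such as "*)(uid=*"
            // cannot change the filter; uidAttribute itself comes from configuration.
            String filter = "(" + uidAttribute + "={0})";
            NamingEnumeration<SearchResult> results =
                    ctx.search(baseDN, filter, new Object[] { username }, sc);
            String dn = null;
            int matches = 0;
            while (results.hasMore()) {
                dn = results.next().getNameInNamespace();
                matches++;
            }
            return matches == 1 ? dn : null;
        } finally {
            close(ctx);
        }
    }

    /** Open a connection and simple-bind as dn; InitialDirContext performs the bind on construction. */
    private DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    private static void close(DirContext ctx) {
        if (ctx == null) return;
        try { ctx.close(); } catch (NamingException ignored) { }
    }
}
```

Called once per login as `new LdapPasswordVerifier(url, baseDN, serviceDN, servicePassword, "uid").verify(username, password)`, it returns false for an unknown user, a wrong password, an empty password, an ambiguous search result or an unreachable directory, so the caller only has to treat true as success. With an `ldaps://` URL the directory's certificate must be trusted by the JVM's truststore; the search runs under the service account, so that account needs read access to the uid attribute and nothing more.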
