roller-dev mailing list archives

From jason mayer <jason.ma...@gmail.com>
Subject Re: LDAP authentication and automation of user creation
Date Tue, 09 Feb 2010 17:16:43 GMT
OK, at this point I can verify that I'm not attempting to communicate
via LDAP at all.  I set up a proxy (don's proxy on sourceforge) to
listen in on requests.  I verified that it was working correctly by
telnetting to localhost 11389, and I could see my transmitted data.  I
updated my security.xml config to use the Spring Security 2.0 mappings.
I'll include the config in case anyone has any recommendations.

I also tried to write a unit test to validate the Authentication
object, but I had problems getting one set up because of SAX parser
errors (http://www.springframework.org/schema/security/spring-security-2.0.1-openidfix.xsd
does not resolve).   The guides on springsource reference
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd,
which appears to include the fix for the problem mentioned in ROL-1733.
If anyone has any suggestions at this point, I'm definitely open to
ideas.

<!-- Excerpt of the URL access rules; the poster omitted the remaining entries. -->
<http> <!--snipped for brevity -->
        <!-- Requests matching this pattern require the "register" authority
             (presumably a Roller role name; confirm against the full security.xml). -->
        <intercept-url pattern="/roller-ui/user.do*" access="register"/>
</http>

    <!-- Explicitly declared ProviderManager whose only provider is ldapAuthProvider.
         NOTE(review): with the Spring Security 2.0 namespace, <http> builds its own
         authentication manager, and custom provider beans are normally attached to it
         by placing <custom-authentication-provider/> inside the provider bean. If this
         bean is not the manager the filters actually use, no LDAP bind would ever be
         attempted, which would match the missing proxy traffic; confirm against the
         full security.xml. -->
    <beans:bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager"
name="authenticationManagerAlias">
      <beans:property name="providers">
        <beans:list>
          <beans:ref local="ldapAuthProvider" />
        </beans:list>
      </beans:property>
    </beans:bean>

    <!-- LDAP connection shared by the user search and the bind authenticator. The URL
         here is localhost:11389, the port the poster's debugging proxy listens on, not
         the directory itself. userDn/password are the manager account used for
         searching; the values shown look like placeholders.
         For a real deployment: ldap:// carries the manager password and every user's
         password unencrypted, so prefer ldaps:// (or StartTLS), keep the password out of
         version-controlled config (e.g. a property placeholder), and give the manager
         account read-only search rights only. -->
    <beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg index="0" value="ldap://localhost:11389" />
        <beans:property name="userDn" value="username"/>
        <beans:property name="password" value="password"/>
    </beans:bean>

    <!-- Locates the directory entry for a login name before the bind is attempted:
         arg 0 = search base, arg 1 = search filter ({0} is replaced with the submitted
         login name), arg 2 = the context source to search with. searchSubtree=true
         extends the search to entries below the base.
         NOTE(review): Spring's reference examples write the filter in parentheses,
         e.g. (uid={0}); confirm the directory accepts the unparenthesized form. -->
    <beans:bean id="ldapUserSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="CN=Users,DC=blah,DC=com"/>
        <beans:constructor-arg index="1" value="sAMAccountName={0}"/>
        <beans:constructor-arg index="2" ref="contextSource"/>
        <beans:property name="searchSubtree" value="true"/>
    </beans:bean>

    <!-- LDAP authentication provider. The two constructor args carry no index, so their
         order matters: first the authenticator, then the authorities populator. -->
    <beans:bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <!-- Authenticates by binding to the directory as the entry found by
                 ldapUserSearch, using the password the user submitted. -->
            <beans:bean
class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:property name="userSearch" ref="ldapUserSearch"/>
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <!-- Authorities come from rollerUserService (defined outside this excerpt)
                 rather than from LDAP groups. NOTE(review): presumably the account must
                 already exist in Roller for roles to be found; confirm. -->
            <beans:bean
class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="rollerUserService" />
            </beans:bean>
        </beans:constructor-arg>
<!-- I tried this alternate populator as well, it also did not work -->
<!--
        <beans:constructor-arg>
            <beans:bean
class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg index="1"
value="CN=Users,DC=blah,DC=com"/>
            </beans:bean>
        </beans:constructor-arg>
-->
    </beans:bean>
