shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gorman, Stephen A." <STEPHEN.A.GOR...@saic.com>
Subject RE: Confusion with the LDAP Realm
Date Thu, 07 Jan 2010 21:25:00 GMT
Hope it helps

https://issues.apache.org/jira/secure/ManageAttachments.jspa?id=12444966

-----Original Message-----
From:
shiro-user-return-1140-STEPHEN.A.GORMAN=saic.com@incubator.apache.org
[mailto:shiro-user-return-1140-STEPHEN.A.GORMAN=saic.com@incubator.apach
e.org] On Behalf Of Les Hazlewood
Sent: Thursday, January 07, 2010 2:58 PM
To: shiro-user@incubator.apache.org
Subject: Re: Confusion with the LDAP Realm

Hi Philippe,

You've made a great point - please open up a Jira issue so we can
track this.  If there is a way to achieve generic LDAP implementation,
we'll work to have it in the 1.0 release.

I wasn't the original author of the AbstractLdapRealm hierarchy, so I
wasn't very familiar with its implementation strategy.  Any pointers
or things that you see could be improved, please include them in the
Jira issue comments.  Of course, if you have any implementations or
patches or test cases, those would be great as a Jira attachment as
well (if possible).  Anything helpful is appreciated!

Cheers,

Les

On Thu, Jan 7, 2010 at 2:18 PM, Philippe Laflamme <twologic@gmail.com>
wrote:
>
> Hello Shiro world,
>
> I'm looking for an example LDAP Realm configuration and cannot seem to
find
> anyting. Please point me to some example if there is one.
>
> I've looked at the source and it seems that there is no implementation
of an
> LDAP Realm. The only concrete implementation is the
ActiveDirectoryRealm (I
> understand AD is similar to LDAP, but it's not == to LDAP). The
closest LDAP
> Realm I can see is AbstractLDAPRealm, which is... well... Abstract!
>
> When I read that Shiro supports LDAP realms I figured I could point it
to my
> server, specify the structure of my LDAP (DNs and so forth) and bingo!
I'd
> be able to authenticate against it. I understand that authorization
(role
> and permission mapping) is another matter, but authentication should
be
> straightforward... no?
>
> I'm no LDAP/AD expert, so am I missing something?
>
> Looking at the ActiveDirectoryRealm, I can see that the
> queryForAuthenticationInfo method is not AD-specific. Could it not
belong to
> a DefaultLDAPRealm of some sort?
>
> BTW, Atlassian Crowd has some examples of connecting to "Generic LDAP
> Directories"
> http://confluence.atlassian.com/display/CROWD/Generic+LDAP+Directories
here
> .
> --
> View this message in context:
http://n2.nabble.com/Confusion-with-the-LDAP-Realm-tp4268254p4268254.htm
l
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Mime
View raw message