shiro-user mailing list archives

From Jared Bunting <jared.bunt...@digitalreasoning.com>
Subject Re: Call for suggestions: how can Shiro's LDAP support be improved?
Date Thu, 31 Mar 2011 21:45:05 GMT
Some authz stuff would be great too, but I'd have to think on how to do that in a generic manner.

On 03/31/2011 04:43 PM, Les Hazlewood wrote:
> Great feedback - thanks Jared.
> 
> Les
> 
> On Thu, Mar 31, 2011 at 2:29 PM, Jared Bunting
> <jared.bunting@digitalreasoning.com> wrote:
>> Basically.
>>
>> Also a "userLookupQuery" as an alternative to "userDnTemplate".  I'd be
>> happy to write the patch, but unfortunately my current work environment
>> doesn't provide me the opportunity to test LDAP authentication.  So, I'll
>> write it if someone else can test it.
>>
>> Thanks,
>> Jared
>>
>> On 03/31/2011 04:26 PM, Les Hazlewood wrote:
>>> So you mean a 'connectionUserDn' and a 'connectionPassword' to connect
>>> to LDAP to perform ad-hoc queries, and not just the DN format that is
>>> used for authenticating end-users via a bind operation. Correct?
>>>
>>> Thanks,
>>>
>>> Les
>>>
>>> On Thu, Mar 31, 2011 at 2:03 PM, Jared Bunting
>>> <jared.bunting@digitalreasoning.com> wrote:
>>>> As was mentioned in the other thread, the ability to do a query
>>>> (potentially with a configurable username/password) in order to
>>>> determine the user DN would be enormously useful.  This is a fairly
>>>> standard way to do LDAP authentication (typically the "username" is an
>>>> attribute of the DN) and Shiro should probably support it by default.
>>>>
>>>> Thanks,
>>>> Jared
>>>>
>>>> On 03/31/2011 12:53 PM, Les Hazlewood wrote:
>>>>> Hi folks,
>>>>>
>>>>> The latest LDAP support currently is in the form of the JndiLdapRealm.
>>>>>
>>>>> Unfortunately, this name has confused enough people - often they think
>>>>> they need to be using JNDI in order to use it (this is not the case -
>>>>> the JNDI API itself is used as an implementation strategy, and it does
>>>>> not require that anything be actually stored in JNDI, but that's
>>>>> beside the point).
>>>>>
>>>>> Because of this, there is a Jira issue to rename it to something else
>>>>> for the next release (i.e. deprecate JndiLdapRealm and create a
>>>>> 'DefaultJndiRealm' or something like that).  When we do that, we have
>>>>> the opportunity to make it better and/or add features.
>>>>>
>>>>> What is missing from Shiro's LDAP support that you would need in order
>>>>> to use it 'out-of-the-box' with your apps?  Ideally I'd like to get as
>>>>> much in there such that subclassing is rarely necessary.
>>>>>
>>>>> All suggestions are welcome!
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Les
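
The search-then-bind flow requested in this thread, as an added example that is not Shiro code and not written by anyone in the thread: a lookup account runs the user query to find the DN, then a bind as that DN checks the password. The class name, host, DNs and filter are hypothetical; the constant names only echo the proposed 'connectionUserDn' and "userLookupQuery" options.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Hypothetical values; the names echo the options proposed in the thread.
    static final String URL = "ldaps://ldap.example.com:636"; // simple binds send the password, so use TLS
    static final String CONNECTION_USER_DN = "cn=lookup,dc=example,dc=com";
    static final String USER_BASE = "ou=people,dc=example,dc=com";
    static final String USER_LOOKUP_QUERY = "(uid={0})";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String username, String password, String connectionPassword)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind, which some servers accept.
        if (password == null || password.isEmpty()) return false;
        String userDn;
        DirContext lookup = bind(CONNECTION_USER_DN, connectionPassword);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setCountLimit(2);                      // one match expected; a second means ambiguity
            controls.setReturningAttributes(new String[0]); // only the DN is needed
            // Passing the username as a filter argument makes JNDI escape filter metacharacters.
            NamingEnumeration<SearchResult> results =
                lookup.search(USER_BASE, USER_LOOKUP_QUERY, new Object[] {username}, controls);
            if (!results.hasMore()) return false;           // unknown user
            userDn = results.next().getNameInNamespace();
            if (results.hasMore()) return false;            // ambiguous: refuse rather than guess
        } finally {
            lookup.close();
        }
        try {
            bind(userDn, password).close();                 // the bind itself verifies the password
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }
}
```

The lookup account needs only search access to the user subtree, and its password should come from protected configuration rather than source code.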
