shiro-user mailing list archives

From iyya <>
Subject Question on ldap authentication using shiro
Date Thu, 06 Oct 2011 22:06:11 GMT

I am implementing Shiro security in our application. I have the below
entries in shiro.ini

ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
ldapRealm.contextFactory.url = ldaps://ldap url:port
ldapRealm.contextFactory.systemUsername = cn=acc

It never connects or gives connection exceptions. I enabled debug logging for
the Shiro packages, but nothing is logged. Is something wrong with the above
configuration? Does 'ldaps:' need any SSL configuration?

I have Java code as follows:

public void login(String username, String password) {
	UsernamePasswordToken token;
	token = new UsernamePasswordToken(username, password);
	Subject currentUser = SecurityUtils.getSubject();
}

Is this enough, or do I have to implement a custom realm class and its
methods like getAuthenticationInfo()? From the documentation I understood that it
is invoked by default.

Please note that this LDAP authentication works fine through Spring Security, as
below:

springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups, o=myCompany' = 'o=myCompany'
springsecurity.ldap.context.server = 'ldaps://ldap url:port' = '(uid={0})'
springsecurity.ldap.authorities.groupSearchFilter = 'uniqueMember={0}'
springsecurity.ldap.context.referral = 'follow'
springsecurity.ldap.context.managerDn = 'cn=acc,ou=users'
springsecurity.ldap.context.managerPassword = 'password'

Am I missing the setup of search.base and groupSearchBase? If so,
how do I do that?

Please show me some samples. Thanks!
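
Added example, not part of the original post and not Shiro project code: a standalone Shiro 1.x login flow against the JndiLdapRealm configured above, showing that the realm is only consulted when Subject.login(token) is called. The host name, port, class name and sample credentials are constructed placeholders; loading the INI from an inline string and running outside a web container are assumptions.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

public class LdapLoginExample {
    // Constructed configuration; host and port are placeholders. ldaps:// uses the
    // JVM's default trust store, so the directory's CA certificate must be trusted
    // there (for example via -Djavax.net.ssl.trustStore=...).
    private static final String INI =
          "[main]\n"
        + "ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm\n"
        + "ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com\n"
        + "ldapRealm.contextFactory.url = ldaps://ldap.example.invalid:636\n"
        + "securityManager.realms = $ldapRealm\n";

    static void initShiro() {
        Ini ini = new Ini();
        ini.load(INI);
        SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();
        SecurityUtils.setSecurityManager(sm); // once per JVM in a standalone program
    }

    static boolean login(String username, String password) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject currentUser = SecurityUtils.getSubject();
        try {
            // Nothing contacts the directory until this call: JndiLdapRealm binds
            // as the DN built from userDnTemplate, using the supplied password.
            currentUser.login(token);
            return true;
        } catch (AuthenticationException e) {
            // Wrong credentials and connection/TLS failures both arrive here;
            // the wrapped NamingException tells them apart.
            System.err.println("Login failed: " + e.getMessage() + " / cause: " + e.getCause());
            return false;
        } finally {
            token.clear(); // wipe the password held by the token
        }
    }

    public static void main(String[] args) {
        initShiro();
        System.out.println("authenticated = " + login("jdoe", "constructed-password"));
    }
}
```

With the placeholder host the bind cannot succeed, so login() returns false and prints the underlying JNDI cause, which is where a certificate or connectivity problem would show up.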
