Hi Alexis,
Shouldn't you bind to the directory to find the DN, then log out and try
to log in using the DN and the password?
If I remember correctly, this is the way it was done at Netscape.
It should work even when the password is encrypted.
Ludovic
Alexis KARTMANN wrote:
Hi Jiri
The reason I didn't only bind the user to check the password is that in some
cases where the directory structure is complex I can't guess the DN from the
user name, so I first need to make a search, binding anonymously or with a
binding DN/password. As I don't want to bind twice, I use a comparison of the
password (so I don't really read the password).
Anyway, if in your case the DN can be guessed from the user name, I think not
setting ldap_bind_DN could do the trick, maybe with some minor modification
to the code. If you could send me the patch you made I can find a way to
make it "clean".
And besides, I'll investigate adding proper AD support (guess I'll have
to install WS2003).
As for CreateUserFromLDAP, it's a very first version, and I'm looking for
comments about it.
Alexis KARTMANN
email : alexis(a)kartmann.com
Blog : http://www.kartmann.com
ICQ : 258922616
Yahoo : akartmann
MSN : alexis(a)kartmann.com
AIM : alexkartmann
Jabber : akartmann(a)jabber.fr
Spype : alexkartmann
-----Original Message-----
From: Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Sent: Thursday, 28 April 2005 21:40
To: xwiki-dev(a)objectweb.org
Subject: Re: [xwiki-dev] LDAP integration status
Hi Alexis,
I'm testing the LDAP stuff with Active Directory and it is *almost*
working fine. ;-)
The problem is in LDAPAuthServiceImpl.checkUserPassword() when you try
to read "userPassword" in order to check the password. As I understood
from reading various articles, Active Directory requires a strong
encryption even for a read-only access to the "userPassword"
("unicodePwd") attribute. Here are some links:
http://forum.java.sun.com/thread.jspa?threadID=592611&messageID=3100133
http://mail.jabber.org/pipermail/jadmin/2002-January/003278.html
Is there any specific reason why you cannot just simply rely on bind()
with either DN or username and password to authenticate the user? I
commented out the userPassword check and assigned return value of
Bind() method to the result (not using ldap_bind_DN at all) and it is
working fine.
Anyway, thanks for this piece of code (especially the newly committed
CreateUserFromLDAP() feature is cool).
Jiri.
On Wed, 27 Apr 2005 16:05:52 +0200, you wrote:
Hi,
I'm working on LDAP integration.
The current status is:
- Password can be checked against LDAP server using different strategies.
- User must exist in XWiki database.
These functions are available in the SVN version on openweb, but not in the latest
binary release. I still need to provide documentation on how to use it.
I have plans to add:
- Automatic transfer of user from LDAP to XWiki the first time a user connects.
- Update of user fields from LDAP to XWiki.
- Mass transfer/update from LDAP to XWiki.
If you're willing to build the latest version I can help you test
this in your environment. I only tested with an OpenLDAP server and I'm
curious to learn how it works with other servers.
Alexis KARTMANN
email : alexis(a)kartmann.com
Blog : http://www.kartmann.com
Jabber : akartmann(a)jabber.fr
-----Original Message-----
From: Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Sent: Wednesday, 27 April 2005 15:28
To: xwiki-dev(a)objectweb.org
Subject: [xwiki-dev] LDAP integration status
Hi,
as we plan to integrate XWiki user management with Active Directory in
our company, I'm curious what is the status of LDAP Integration. Is it
testable? If so, I would be happy to become a beta tester for this ;-)
Jiri.