This page is taken from a thread
on the AppFuse user list.
Here's what Matt has done in the past to get LDAP authentication (through the Acegi Security beans shown below) working with AppFuse 1.9.4. The same concepts should be applicable to AppFuse 2.0.x.
1. Change the "authenticationManager" bean to use "ldapProvider"
instead of "daoAuthenticationProvider":
<!-- AuthenticationManager with ldapProvider in place of daoAuthenticationProvider (step 1).
     The list is ordered; ProviderManager is expected to consult providers in this order,
     with ldapProvider handling username/password logins and the other two handling
     anonymous and remember-me tokens (verify against the Acegi version in use).
     NOTE(review): if remember-me is token-based it normally signs the cookie with the
     user's stored password; confirm it still works when the password lives only in LDAP. -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="ldapProvider"/>
<ref local="anonymousAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
2. Add the ldapProvider bean and its supporting beans (note that the `&` in the group search filter must be written as `&amp;` inside an XML attribute):
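<!-- LDAP authentication provider.
     First constructor arg: the authenticator. BindAuthenticator binds to the directory with
       the supplied credentials, so the directory verifies the password (presumably no hash
       is compared in the application). userDnPatterns is tried first; userSearch is the
       fallback lookup by uid (confirm this ordering for the Acegi version in use).
     Second constructor arg: the authorities populator, which turns the groups the user is a
       member of into granted authorities.
     NOTE(review): the login name is substituted into the DN pattern and search filters;
       confirm that this Acegi version escapes LDAP special characters, or restrict usernames
       to a safe character set before they reach this provider. -->
<bean id="ldapProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="initialDirContextFactory"/>
      <!-- {0} is the login name; the resulting DN is relative to the base DN configured
           on initialDirContextFactory (ldap.base). -->
      <property name="userDnPatterns">
        <list>
          <value>uid={0}</value>
        </list>
      </property>
      <property name="userSearch" ref="userSearch"/>
      <property name="userDetailsMapper" ref="ldapUserDetailsMapper"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="initialDirContextFactory"/>
      <!-- presumably the group search base; "" means search from the configured base DN,
           and searchSubtree=true below descends into sub-entries -->
      <constructor-arg value=""/>
      <!-- the group's cn becomes the authority name as-is (no ROLE_ prefix, no upper-casing),
           so group names in the directory must match what the application's
           authorization rules expect -->
      <property name="groupRoleAttribute" value="cn"/>
      <!-- {0} is substituted with the authenticated user's DN (confirm for your Acegi version).
           The filter's '&' must be written as &amp; here: a literal '&' inside an XML
           attribute is not well-formed and the context will fail to load. -->
      <property name="groupSearchFilter"
                value="(&amp;(objectclass=groupOfUniqueNames)(uniqueMember={0}))"/>
      <property name="searchSubtree" value="true"/>
      <property name="rolePrefix" value=""/>
      <property name="convertToUpperCase" value="false"/>
    </bean>
  </constructor-arg>
</bean>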
<!-- Shared directory connection. The URL and base DN are read from ldap.properties
     (${ldap.url}/${ldap.base}); the empty search bases used elsewhere presumably resolve
     against this base DN.
     managerDn/managerPassword are the credentials used for the user and group lookups
     (as opposed to the user's own bind). -->
<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
<constructor-arg value="${ldap.url}/${ldap.base}"/>
<!-- NOTE(review): these credentials travel in clear text unless ldap.url is ldaps://
     (or StartTLS is configured). Use a dedicated read-only lookup account rather than
     the directory administrator, and keep the password out of version control. -->
<property name="managerDn" value="${ldap.username}"/>
<property name="managerPassword" value="${ldap.password}"/>
</bean>
<!-- Looks up a user entry by uid (used by BindAuthenticator as the fallback when no
     userDnPattern applies). The search base is empty, i.e. it starts at the base DN of
     initialDirContextFactory, and searchSubtree=true descends into sub-entries.
     {0} is the login name supplied at login. -->
<bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0"><value></value></constructor-arg>
  <constructor-arg index="1"><value>(uid={0})</value></constructor-arg>
  <constructor-arg index="2" ref="initialDirContextFactory"/>
  <property name="searchSubtree"><value>true</value></property>
</bean>
<!-- Maps the authenticated LDAP entry to the application's UserDetails. The empty rolePrefix
     matches the populator above: authority names are taken from the directory unchanged. -->
<bean id="ldapUserDetailsMapper" class="org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper">
  <property name="rolePrefix"><value></value></property>
</bean>
3. Change the passwordEncoder bean to be LdapShaPasswordEncoder:
<!-- Password encoder in the LDAP SHA form, so passwords the application writes to the
     directory match what the directory expects. NOTE(review): the plain {SHA} form is
     unsalted SHA-1; prefer the salted {SSHA} form if the encoder and directory support it.
     With BindAuthenticator the directory checks the password itself, so this encoder is
     presumably only used where the application stores or changes passwords (confirm). -->
<bean id="passwordEncoder" class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>
In this example, my ldap.properties (which supplies the ${ldap.*} placeholders used by initialDirContextFactory) is set to the following. These values point at a local test directory over plain ldap://; for anything other than local development use ldaps:// (or StartTLS), a dedicated read-only lookup account rather than the directory administrator, and keep the real password out of version control:
# Directory connection for initialDirContextFactory, assembled as ${ldap.url}/${ldap.base}.
# Plain ldap:// is acceptable for a directory on the local machine, but the manager
# credentials below are sent unencrypted, so use ldaps:// (or StartTLS) for a remote server.
ldap.url=ldap://localhost:1389
ldap.base=ou=system
# Account used for user and group lookups. This appears to be a directory administrator
# account with a default password: replace it with a dedicated read-only account and do not
# commit real credentials to version control.
ldap.username=uid=admin,ou=system
ldap.password=secret