LdapAuthenticator

From Resin 3.0

Jump to: navigation, search


Resin provides a LdapAuthenticator for the usage of any JAAS LoginModule.

Contents

Example

resin-web.xml 

<web-app xmlns="http://caucho.com/ns/resin">

 <authenticator type="com.caucho.server.security.LdapAuthenticator">
     <init>
         <jndi-env java.naming.factory.initial="test.DirInitialContextFactory"/>

         <dn-suffix>dc=example,dc=com</dn-suffix>
         <user-attribute>cn</user-attribute>
         <password-attribute>password</password-attribute>
    </init>
 </authenticator>

</web-app>

<init> directives

tag description
jndi-env name/value attribute for assigning JNDI environment attributes
dn-prefix prefix string to add to the user name to create the full name
dn-suffix suffix string to add to the user name to create the full name
user-attribute attribute name for the user to create the full name, e.g. uid
password-attribute attribute name containing the password


JAAS and LDAP

The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's JaasAuthenticator to authenticate against an LDAP server.

Example

resin-web.xml 

<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
   <init>
     <login-module>com.sun.security.auth.module.JndiLoginModule</login-module>

     <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/>
     <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/>

     <init-param debug="true"/>
   </init>
  </authenticator>
</web-app>

<init-param> directives

directive description default
debug If true, show debug information on stdout false
Retrieved from "http://wiki3.caucho.com/index.php?title=LdapAuthenticator&oldid=2357"
Personal tools