LdapAuthenticator
From Resin 3.0
(Difference between revisions)
| Line 41: | Line 41: | ||
= JAAS and LDAP = | = JAAS and LDAP = | ||
| − | [[ | + | The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's [[JaasAuthenticator]] to authenticate against an LDAP server. |
| + | |||
| + | == Example == | ||
| + | |||
| + | ==== resin-web.xml ==== | ||
| + | <web-app xmlns="http://caucho.com/ns/resin"> | ||
| + | <authenticator type="com.caucho.server.security.JaasAuthenticator"> | ||
| + | <init> | ||
| + | <login-module>com.sun.security.auth.module.JndiLoginModule</login-module> | ||
| + | |||
| + | <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/> | ||
| + | <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/> | ||
| + | |||
| + | <init-param debug="true"/> | ||
| + | </init> | ||
| + | </authenticator> | ||
| + | </web-app> | ||
| + | |||
| + | == <init-param> directives == | ||
| + | |||
| + | {| | ||
| + | !directive||description||default | ||
| + | |- | ||
| + | ||debug||If true, show debug information on stdout||false | ||
| + | |} | ||
Revision as of 00:02, 13 April 2006
Resin provides a LdapAuthenticator for the usage of any JAAS LoginModule.
Contents |
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.LdapAuthenticator"> <init> <jndi-env java.naming.factory.initial="test.DirInitialContextFactory"/> <dn-suffix>dc=example,dc=com</dn-suffix> <user-attribute>cn</user-attribute> <password-attribute>password</password-attribute> </init> </authenticator> </web-app>
<init> directives
| tag | description |
|---|---|
| jndi-env | name/value attribute for assigning JNDI environment attributes |
| dn-prefix | prefix string to add to the user name to create the full name |
| dn-suffix | suffix string to add to the user name to create the full name |
| user-attribute | attribute name for the user to create the full name, e.g. uid |
| password-attribute | attribute name containing the password |
<init-param> directives are used to configure the properties of the LoginModule. Existing LoginModules provide documentation of the init-param that are accepted.
Custom LoginModule implementations retrieve the init-param values in the initialize method:
JAAS and LDAP
The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's JaasAuthenticator to authenticate against an LDAP server.
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.JaasAuthenticator"> <init> <login-module>com.sun.security.auth.module.JndiLoginModule</login-module> <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/> <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/> <init-param debug="true"/> </init> </authenticator> </web-app>
<init-param> directives
| directive | description | default |
|---|---|---|
| debug | If true, show debug information on stdout | false |
