LdapAuthenticator

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
Line 41: Line 41:
 
= JAAS and LDAP =
 
= JAAS and LDAP =
  
[[LDAP authentication]]
+
The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's [[JaasAuthenticator]] to authenticate against an LDAP server.
 +
 
 +
== Example ==
 +
 
 +
==== resin-web.xml ====
 +
<web-app xmlns="http://caucho.com/ns/resin">
 +
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
 +
    <init>
 +
      <login-module>com.sun.security.auth.module.JndiLoginModule</login-module>
 +
 +
      <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/>
 +
      <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/>
 +
 +
      <init-param debug="true"/>
 +
    </init>
 +
  </authenticator>
 +
</web-app>
 +
 
 +
== <init-param> directives ==
 +
 
 +
{|
 +
!directive||description||default
 +
|-
 +
||debug||If true, show debug information on stdout||false
 +
|}

Revision as of 00:02, 13 April 2006


Resin provides a LdapAuthenticator for the usage of any JAAS LoginModule.

Contents

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">

 <authenticator type="com.caucho.server.security.LdapAuthenticator">
     <init>
         <jndi-env java.naming.factory.initial="test.DirInitialContextFactory"/>

         <dn-suffix>dc=example,dc=com</dn-suffix>
         <user-attribute>cn</user-attribute>
         <password-attribute>password</password-attribute>
    </init>
 </authenticator>

</web-app>

<init> directives

tag description
jndi-env name/value attribute for assigning JNDI environment attributes
dn-prefix prefix string to add to the user name to create the full name
dn-suffix suffix string to add to the user name to create the full name
user-attribute attribute name for the user to create the full name, e.g. uid
password-attribute attribute name containing the password


<init-param> directives are used to configure the properties of the LoginModule. Existing LoginModules provide documentation of the init-param that are accepted. Custom LoginModule implementations retrieve the init-param values in the initialize method:

JAAS and LDAP

The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's JaasAuthenticator to authenticate against an LDAP server.

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
   <init>
     <login-module>com.sun.security.auth.module.JndiLoginModule</login-module>

     <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/>
     <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/>

     <init-param debug="true"/>
   </init>
  </authenticator>
</web-app>

<init-param> directives

directive description default
debug If true, show debug information on stdout false
Personal tools