LdapAuthenticator
From CauchoWiki
Resin provides a LdapAuthenticator for the usage of any JAAS LoginModule.
Contents |
[edit] Example
[edit] resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.LdapAuthenticator"> <init> <jndi-env java.naming.factory.initial="test.DirInitialContextFactory"/> <dn-suffix>dc=example,dc=com</dn-suffix> <user-attribute>cn</user-attribute> <password-attribute>password</password-attribute> </init> </authenticator> </web-app>
[edit] <init> directives
| tag | description |
|---|---|
| jndi-env | name/value attribute for assigning JNDI environment attributes |
| dn-prefix | prefix string to add to the user name to create the full name |
| dn-suffix | suffix string to add to the user name to create the full name |
| user-attribute | attribute name for the user to create the full name, e.g. uid |
| password-attribute | attribute name containing the password |
[edit] JAAS and LDAP
The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's JaasAuthenticator to authenticate against an LDAP server.
[edit] Example
[edit] resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.JaasAuthenticator"> <init> <login-module>com.sun.security.auth.module.JndiLoginModule</login-module> <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/> <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/> <init-param debug="true"/> </init> </authenticator> </web-app>
[edit] <init-param> directives
| directive | description | default |
|---|---|---|
| debug | If true, show debug information on stdout | false |
