Setting up LDAP with Pebble 2.0 M2 (and Acegi) / at least I didn't need to code read... much
Here's what you'll want to do:
All of the changes go in WEB-INF/applicationContext-acegi-security.xml.
First, add the LDAP provider to the list in the provider manager:
<bean id="authenticationManager"
      class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <!-- Providers are tried in this order; a login LDAP rejects falls through to the DAO provider -->
      <ref local="ldapAuthProvider"/>
      <ref local="daoAuthenticationProvider"/>
      <ref local="rememberMeAuthenticationProvider"/>
    </list>
  </property>
</bean>
Next add the LDAP provider configuration:
<!-- LDAP CONFIGURATION -->
<!-- Connection to the directory; the manager DN is only used for the role
     (group) search, users are authenticated by binding as themselves.
     In Acegi 1.0 this class lives in org.acegisecurity.ldap, not
     org.acegisecurity.providers.ldap. -->
<bean id="initialDirContextFactory"
      class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://localhost:389/BASE_DN_HERE"/>
  <property name="managerDn">
    <value>ADMIN_DN_HERE</value>
  </property>
  <property name="managerPassword">
    <value>ADMIN_PASSWORD_HERE</value>
  </property>
</bean>

<bean id="ldapAuthProvider"
      class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <!-- First constructor-arg: how the user is authenticated. BindAuthenticator
       substitutes the login name for {0}, appends the base DN and binds with
       the supplied password. -->
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg>
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <property name="userDnPatterns">
        <list>
          <value>uid={0},ou=People</value>
        </list>
      </property>
    </bean>
  </constructor-arg>
  <!-- Second constructor-arg: how roles are loaded. Groups under ou=PebbleRoles
       that list the user's DN as a member are mapped to ROLE_ + the value of
       the groupRoleAttribute (here ou), upper-cased. -->
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg>
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <constructor-arg>
        <value>ou=PebbleRoles</value>
      </constructor-arg>
      <property name="groupRoleAttribute">
        <value>ou</value>
      </property>
    </bean>
  </constructor-arg>
</bean>
This is almost straight from the Acegi docs. It assumes that your users reside under the organizational unit People in the base DN.
Then, to do the roles, you need to create the organizational unit PebbleRoles and list under it a number of entries of class groupOfNames. They can be named anything friendly, but each should have a list of members under the People unit, e.g. uid=brett,ou=People,dc=maven,dc=org. Each also needs its own ou attribute set to the Pebble role name without the ROLE_ prefix, e.g. PEBBLE_ADMIN, BLOG_CONTRIBUTOR, BLOG_OWNER.
This is enough to authenticate your user with appropriate roles (assuming the user has a password set in LDAP).
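To make the two halves of the wiring concrete, here is an added example (not Pebble's or Acegi's code) that models what happens at login time against a tiny in-memory directory laid out the way the configuration above expects. The base DN dc=maven,dc=org, the user names, passwords and group names are all constructed for the example; the bind step expands the userDnPatterns entry uid={0},ou=People, and the role step mimics DefaultLdapAuthoritiesPopulator by searching ou=PebbleRoles for groupOfNames entries whose member attribute contains the user's DN, taking the ou attribute, upper-casing it and prefixing ROLE_.

```python
"""Model of the post's Acegi LDAP wiring at login time (constructed example)."""
import hmac
from typing import Optional

BASE_DN = "dc=maven,dc=org"            # stands in for BASE_DN_HERE
USER_DN_PATTERN = "uid={0},ou=People"  # the post's userDnPatterns value
GROUP_SEARCH_BASE = "ou=PebbleRoles"   # the populator's second constructor-arg
GROUP_ROLE_ATTRIBUTE = "ou"            # the post's groupRoleAttribute

# Constructed directory contents keyed by full DN; attribute values are lists,
# as in LDIF. Passwords are in the clear only to keep the example self-contained.
DIRECTORY = {
    "uid=brett,ou=People,dc=maven,dc=org": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["brett"],
        "userPassword": ["s3cret"],
    },
    "uid=alice,ou=People,dc=maven,dc=org": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["alice"],
        "userPassword": ["hunter2"],
    },
    # Role groups: a friendly cn, the Pebble role (minus ROLE_) in ou.
    "cn=Administrators,ou=PebbleRoles,dc=maven,dc=org": {
        "objectClass": ["groupOfNames"],
        "ou": ["PEBBLE_ADMIN"],
        "member": ["uid=brett,ou=People,dc=maven,dc=org"],
    },
    "cn=Writers,ou=PebbleRoles,dc=maven,dc=org": {
        "objectClass": ["groupOfNames"],
        "ou": ["BLOG_CONTRIBUTOR"],
        "member": ["uid=brett,ou=People,dc=maven,dc=org",
                   "uid=alice,ou=People,dc=maven,dc=org"],
    },
}


def bind(username: str, password: str) -> Optional[str]:
    """BindAuthenticator step: build the DN from the pattern and bind with it.
    Returns the user DN on success, None on failure."""
    if not username or not password:
        # An empty password must never reach the server: many LDAP servers
        # treat an empty-password bind as anonymous and report success.
        return None
    user_dn = f"{USER_DN_PATTERN.format(username)},{BASE_DN}"
    entry = DIRECTORY.get(user_dn)
    if entry is None:
        return None
    stored = entry.get("userPassword", [""])[0]
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return user_dn


def load_authorities(user_dn: str) -> list:
    """DefaultLdapAuthoritiesPopulator step: one-level search under the
    group base for groupOfNames entries that list user_dn as a member."""
    base = f"{GROUP_SEARCH_BASE},{BASE_DN}"
    roles = []
    for dn, attrs in DIRECTORY.items():
        if not dn.endswith("," + base):
            continue
        if "groupOfNames" not in attrs.get("objectClass", []):
            continue
        if user_dn in attrs.get("member", []):
            for value in attrs.get(GROUP_ROLE_ATTRIBUTE, []):
                roles.append("ROLE_" + value.upper())
    return sorted(roles)


def authenticate(username: str, password: str) -> Optional[list]:
    """Whole login: bind, then populate roles. None means the login was rejected."""
    user_dn = bind(username, password)
    if user_dn is None:
        return None
    return load_authorities(user_dn)


if __name__ == "__main__":
    print(authenticate("brett", "s3cret"))  # ['ROLE_BLOG_CONTRIBUTOR', 'ROLE_PEBBLE_ADMIN']
    print(authenticate("brett", ""))        # None
```

The empty-password check is the one piece worth keeping in mind when you wire this up for real: the bind only proves the password if the server is forced to treat it as a simple (non-anonymous) bind, so a provider that lets an empty password through would accept any valid uid.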
The last thing you'll find is that the posts are all listed "by null". It turns out Pebble doesn't load anything but auth data from LDAP, so you'll still need the same realm.properties as for the DAO authentication provider setup. The password and roles in it can be anything (just not blank), but the name, emailAddress and website are all used. Hopefully that'll change in later versions.
COMMENTS / 3 COMMENTS
Simon Brown added these pithy words on Jun 17 06 at 7:56 am:
"The last thing you'll find is that the posts are all listed 'by null'. It turns out Pebble doesn't load anything but auth data from LDAP, so you'll still need the same realm.properties as you'll need for the DAO auth. provider setup."
I knew this would crop up once somebody started using something other than the bespoke realm. I'll abstract the functionality up into an interface, then it should be an easy job to create a new bean, wire your LDAP provider and grab the user details from there.
kidd chaos added these pithy words on Jun 21 06 at 10:37 am:
A guy I know is going to write, and hopefully get added, the LdapDaoImpl for this Acegi interface soon:
Keep an eye out…
Héctor Reyes added these pithy words on Feb 01 07 at 11:10 pm:
In the LDAP CONFIGURATION section the example says:
org.acegisecurity.providers.ldap.DefaultInitialDirContextFactory
and it should say:
org.acegisecurity.ldap.DefaultInitialDirContextFactory