Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: 1.0.0 RC2
    • Component/s: LDAP
    • Labels:
      None

      Description

      This can probably be done using a specific authenticator implementation or by extending the existing BindAuthenticator.

        Activity

        Luke Taylor added a comment -

        It seems that AD can be supported using the existing authenticator. From my post on the dev list:

        [quote]
        I've heard of two "alternative" pseudo-DN syntaxes supported by AD. One
        is "username@domain" and the other is "domain\username".

        I think you can try binding with either of these using the existing
        BindAuthenticator. If the user types in the entire name, you could have:

        <property name="userDnPatterns">
        <list>
        <value>{0}</value>
        </list>
        </property>

        or if they only type in the username part, you could use something like

        <property name="userDnPatterns">
        <list>
        <value>{0}@mycompany.com</value>
        <!-- and/or -->
        <value>domain\{0}</value>
        </list>
        </property>

        [/quote]

        Anthony Geoghegan's response:

        [quote]

        I've tested both:
        <value>{0}@mycompany.com</value>
        <!-- and/or -->
        <value>domain\{0}</value>

        And they work with Active Directory 2003. The top one is of special
        interest as this is the Kerberos service principal name.

        [/quote]

        Users can of course also bind with a full DN directly.
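
What the patterns in the comment above amount to at the JNDI level, as an added example (not code from the issue or from the project): each pattern is expanded with the typed username and the result is used as the principal of a simple bind. The class name, the `ldaps://` URL argument and the input checks are assumptions made for illustration.

```java
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class AdBindCheck { // hypothetical class, not part of the project
    // Same {0} placeholder syntax as the userDnPatterns values in the comment.
    static final String[] PATTERNS = {"{0}@mycompany.com", "domain\\{0}"};

    // Expands a pattern into the principal used for the simple bind.
    static String principalFor(String pattern, String username) {
        // The domain is fixed by the pattern, so accept a bare username only.
        if (username == null || username.isEmpty()
                || username.indexOf('@') >= 0 || username.indexOf('\\') >= 0) {
            throw new IllegalArgumentException("bare username expected");
        }
        return MessageFormat.format(pattern, username);
    }

    // Returns true only if the directory accepts the principal and password.
    static boolean bind(String url, String principal, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind
        // (RFC 4513) that a server may accept; never count it as a login.
        if (password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException e) {
            return false; // directory rejected the name or password
        }
    }
    public static void main(String[] args) throws NamingException {
        // Assumed arguments: <ldaps-url> <username> <password>
        for (String pattern : PATTERNS) {
            String principal = principalFor(pattern, args[1]);
            System.out.println(principal + " -> " + bind(args[0], principal, args[2]));
        }
    }
}
```

A simple bind sends the password to the server as-is, so the URL should be an `ldaps://` one.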


          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0
            Watchers:
            2
