[jboss-dev-forums] [TODO - DEVELOPMENT] - new LDAP Login Module

[rsoika]

Hi,

I have developed a new LDAP Login Module with a comparable functionality like the org.jboss.security.SimpleGroup.LdapLoginModule.
The  org.jboss.security.SimpleGroup.LdapLoginModule did a good job but when I tried to configure my IBM Lotus Domino Server with this Modul I run into some problems. 
The first was that I could not configure that the user authenticates with an UserID but the CallerPricipal should be the destinguished name of the user. This is needed if you implementing an application with business logic that needs the "real" name of the user and not the login name when calling getCallerPrincipal(). Maybe this is a special functionality of IBM Lotus Domino LDAP that you can login with different names (?).
The second problem was that the LdapLoginModul only returns Roles (Groups) where the user is member but not Groups which are encapsulated. E.g. User is member of "Group A" and "Group A" is member of "Group B". So you got only the "Group A" in the Roles Set but not "Group B".

I implemented the new Login Modul  org.imixs.jboss.security.LdapLoginModuleExt.  
This Class addresses this two issues and works perfectly with the Lotus Domino LDAP Directory. I think this Modul can be an alternative to the org.jboss.security.auth.spi.LdapLoginModule. 

I documented the Code at: 
http://www.imixs.org/websites/imixs-org.nsf/chapter/0300.0100.0020.?OpenDocument

and posted the source code also at:
http://www.imixs.org/websites/imixs-org.nsf/chapter/0100.0042./$file/org.imixs.jboss.security_1.0.jar?open

There are some ishues I could not implement (like the decode Function) which is protected in the org.jboss.security.auth.spi package.
Let me know if this Login module is of interest for you.


Ralph

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971966#3971966

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3971966