[jboss-dev-forums] [Design of Security on JBoss] - Re: new LDAP Login Module

[rsoika]

Hi scott,

I did not seen the org.jboss.security.auth.spi.LdapExtLoginModule before - so I did a lot of work twice ;-)
but ok. I updated my code a little bit so it uses now the smarter search filter param like used in the org.jboss.security.auth.spi.LdapExtLoginModule. 

I think the main different is now the method searchDistinguishedName() and the fact that the distinguished name found will replace the CallerPrincipal. 
Also the Distinguished name is translated into a composite name. 
So for example: users login with "x007" -> DN of the UserObeject is "James Bond,OU=Secret Service" -> Composite name is "James Bond/OU=Secret Service".

Maybe this is an insignificant detail but in our workflow project (www.imixs.org) we are constrained to work with composite names.

I tried now also the org.jboss.security.auth.spi.LdapExtLoginModule to configure my Lotus Domino Server - but have no success.

I think it is not a recommendable way to overload the org.jboss.security.auth.spi.LdapExtLoginModule or org.jboss.security.auth.spi.LdapLoginModule with more params so things like the replacement of the caller pricipal or the translation into a composite DN will be configurable. This modules did work ok. Maybe JBoss will offer more specialized LDAP Login Modules for different servers like my one for Lotus Domino?

kind regards
ralph


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972099#3972099

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3972099