Wiki source code of LDAP/ADS login service

Version 3.1 by wolfgang_glas@iteg_at on 2012-01-19 12.38:55

The ldap-login-service is provided as an OSGi bundle, which may be installed and activated from the clazzes.org OSGi Bundle Repository (OBR) with

(% class="code" %)
(((
obr:addurl http:~/~/maven.clazzes.org/repository.xml
)))

(% class="code" %)
(((
obr:deploy gwt-ldap-login-service
)))

The Maven coordinates of the artifact are:

(% class="code" %)
(((
<groupId>org.clazzes.gwt</groupId>
<artifactId>gwt-ldap-login-service</artifactId>
)))
24
=== {{id name="LDAP/ADSloginservice-Functionality"/}}Functionality ===

The LDAP login service authenticates users either against an Active Directory (ADS) domain or against an LDAP server configured for an individual domain.

For LDAP servers the service first searches for the DN of the user by the configured userAttribute and then binds as that DN with the supplied password (authMethod searchAndBind). Depending on the server, this search may itself require credentials, so a bind user and bind password can be configured per domain.

For ADS servers a method without a search is implemented (authMethod bindAds), which binds directly with a principal of the form user@domain.
32
=== {{id name="LDAP/ADSloginservice-Configuration"/}}Configuration ===

The LDAP login service is configured using the OSGi configuration PID

(% class="code" %)
(((
org.clazzes.gwt.login.ldap
)))

as shown in the following gwt-config-manager screenshot:

[[image:attach:Bildschirmfoto 2012-01-18 um 21.03.50.png||title="Bildschirmfoto 2012-01-18 um 21.03.50.png"]]

The configuration values are:
47
|=Key|=Default Value|=Description
|defaultDomain| |The domain to use for principals that do not contain a domain.
|maxRetries|3|The maximum number of failed login attempts before the user agent is blocked.
|sessionTimeout|180|The session timeout in minutes to set on the HTTP session upon successful authentication.
|userAttribute|samAccountName|The LDAP attribute used to find the DN for a given user name (sAMAccountName in Active Directory; LDAP matches attribute names case-insensitively).
|domain.<domain>.controller| |The server to contact. Supported URL schemes: ldap, ldaps, ads. See Controller Schemes below.
|domain.<domain>.authMethod|searchAndBind|The method for authenticating a user. Supported methods: searchAndBind, bindAds.
|domain.<domain>.bindpw| |The password used for binding before searching for the user in the domain <domain>. Applies only to the authMethod searchAndBind.
|domain.<domain>.binduser| |The DN used for binding before searching for the user in the domain <domain>. Applies only to the authMethod searchAndBind.

A configuration may contain several domains, each with its own set of domain.<domain>.* keys. Note that bindpw is stored as a plain configuration value: restrict access to the configuration store, and prefer the ldaps scheme for the controller, since a simple bind over ldap sends both the bind password and the user's password unencrypted.
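The following is an added example of a complete two-domain configuration for the PID org.clazzes.gwt.login.ldap, written in Java properties syntax (the format used by, for example, Apache Karaf's etc/<pid>.cfg files). It is not taken from the project; the domain names, hosts and the service account are assumptions, and the key names are those from the table above.

```properties
# Added example for PID org.clazzes.gwt.login.ldap (domains, hosts and accounts are assumptions).
defaultDomain = corp.example
maxRetries = 3
sessionTimeout = 180
userAttribute = sAMAccountName

# Active Directory domain: controllers are discovered via DNS, users bind directly as user@corp.example.
domain.corp.example.controller = ads://corp.example
domain.corp.example.authMethod = bindAds

# Plain LDAP domain: bind as a service account, search for the user's DN, then bind as the user.
# Weak variant (do not use): domain.partner.example.controller = ldap://ldap.partner.example
# sends the service password and every user password in clear text. Use ldaps instead:
domain.partner.example.controller = ldaps://ldap.partner.example
domain.partner.example.authMethod = searchAndBind
domain.partner.example.binduser = cn=svc-login,ou=services,dc=partner,dc=example
domain.partner.example.bindpw = CHANGE-ME
```

A principal such as alice logs in against corp.example via defaultDomain; alice@partner.example is routed to the partner.example entry. The service account only needs read access to the user attribute and DN, so give it no more rights than that.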
113
=== {{id name="LDAP/ADSloginservice-ControllerSchemes"/}}Controller Schemes ===

The URL schemes for a domain controller are ldap, ldaps and ads.

With ldap and ldaps the given server is contacted directly. The ads scheme, e.g. ads:~/~/mydomain.com, performs a DNS lookup of the record that Active Directory publishes for its domain controllers,

(% class="code" %)
(((
SRV _ldap._tcp.mydomain.com
)))

and then uses the returned LDAP server as if it had been specified with the ldap or ldaps scheme.
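The following added example models the complete login flow described in the Functionality, Configuration and Controller Schemes sections above: splitting the principal and applying defaultDomain, resolving an ads:~/~/ controller via the _ldap._tcp SRV record, the bindAds and searchAndBind methods, and the maxRetries block per user agent. It is not the gwt-ldap-login-service code: it runs against an in-memory fake directory and a fake SRV table so it works offline, and every class, function and host name in it is an assumption.

```python
"""Added example, not part of gwt-ldap-login-service: the login flow from this page
run against an in-memory fake directory; all names, hosts and records are assumptions."""

# Constructed sample configuration, using the org.clazzes.gwt.login.ldap key names.
CONFIG = {
    "defaultDomain": "corp.example",
    "maxRetries": "3",
    "userAttribute": "sAMAccountName",
    "domain.corp.example.controller": "ads://corp.example",
    "domain.corp.example.authMethod": "bindAds",
    "domain.partner.example.controller": "ldaps://ldap.partner.example",
    "domain.partner.example.authMethod": "searchAndBind",
    "domain.partner.example.binduser": "cn=svc-login,ou=services,dc=partner,dc=example",
    "domain.partner.example.bindpw": "svc-pw",
}


class FakeDirectory:
    """Stands in for one LDAP/ADS server: bind name -> (password, attributes)."""

    def __init__(self, entries):
        self.entries = entries

    def bind(self, name, password):
        # An empty password is an unauthenticated bind (RFC 4513, 5.1.2), which many servers
        # accept as anonymous: a login service must reject it before it reaches the server.
        if not password:
            return False
        entry = self.entries.get(name)
        return entry is not None and entry[0] == password

    def search(self, attribute, value):
        # LDAP matches attribute names, and usual user name attributes, case-insensitively.
        return [dn for dn, (_pw, attrs) in self.entries.items()
                if attrs.get(attribute, "").lower() == value.lower()]


# Constructed fake servers keyed by resolved controller URL, and fake SRV records.
FAKE_SERVERS = {
    "ldap://dc1.corp.example:389": FakeDirectory({"bob@corp.example": ("bob-pw", {})}),
    "ldaps://ldap.partner.example": FakeDirectory({
        "cn=svc-login,ou=services,dc=partner,dc=example": ("svc-pw", {}),
        "cn=Alice,ou=people,dc=partner,dc=example": ("alice-pw", {"sAMAccountName": "alice"}),
    }),
}
FAKE_SRV = {  # name -> [(priority, weight, port, target)], as a resolver would return them
    "_ldap._tcp.corp.example": [(10, 50, 389, "dc2.corp.example"), (0, 100, 389, "dc1.corp.example")],
}


def resolve_controller(url):
    """ldap/ldaps URLs are used as given; ads://<domain> is resolved via the SRV record."""
    scheme, _sep, host = url.partition("://")
    if scheme in ("ldap", "ldaps"):
        return url
    if scheme == "ads":
        records = FAKE_SRV.get(f"_ldap._tcp.{host}")
        if not records:
            raise LookupError(f"no _ldap._tcp SRV record for {host}")
        _prio, _weight, port, target = min(records)  # lowest priority value is preferred
        return f"ldap://{target}:{port}"  # assumption: plain ldap; the page leaves the scheme open
    raise ValueError(f"unsupported controller scheme: {scheme!r}")


def split_principal(principal, default_domain):
    """'user@domain' -> (user, domain); a bare user name gets defaultDomain."""
    if "@" in principal:
        user, domain = principal.rsplit("@", 1)
    else:
        user, domain = principal, default_domain
    if not user or not domain:
        raise ValueError("principal must be of the form user or user@domain")
    return user, domain


class LoginService:
    def __init__(self, config, servers=FAKE_SERVERS):
        self.config, self.servers = config, servers
        self.failures = {}  # user agent -> consecutive failed attempts

    def authenticate(self, principal, password, user_agent="default"):
        cfg = self.config
        if self.failures.get(user_agent, 0) >= int(cfg.get("maxRetries", "3")):
            return False  # blocked after maxRetries failures: the directory is not contacted
        user, domain = split_principal(principal, cfg.get("defaultDomain", ""))
        key = f"domain.{domain}."
        controller = cfg.get(key + "controller")
        ok = False
        if controller is not None:  # unknown domain: fail without touching any server
            directory = self.servers[resolve_controller(controller)]
            method = cfg.get(key + "authMethod", "searchAndBind")
            if method == "bindAds":
                ok = directory.bind(f"{user}@{domain}", password)  # direct UPN bind, no search
            elif method == "searchAndBind":
                binduser = cfg.get(key + "binduser")
                # Bind with the service account if configured, find exactly one DN for the
                # user name, then bind as that DN with the user's password.
                if binduser is None or directory.bind(binduser, cfg.get(key + "bindpw", "")):
                    dns = directory.search(cfg.get("userAttribute", "samAccountName"), user)
                    ok = len(dns) == 1 and directory.bind(dns[0], password)
            else:
                raise ValueError(f"unknown authMethod {method!r} for domain {domain}")
        if ok:
            self.failures.pop(user_agent, None)
        else:
            self.failures[user_agent] = self.failures.get(user_agent, 0) + 1
        return ok
```

Three choices in the example are worth carrying into a real deployment: an empty password is refused before any bind is attempted, because an unauthenticated simple bind succeeds on many servers; a search that returns zero or more than one DN is a failure, never a guess; and the blocked user agent is refused without contacting the directory. The example resolves ads:~/~/ to plain ldap:~/~/ only because the page does not state which scheme the discovered controller is contacted with; with either authMethod the user's password travels in the simple bind, so ldaps is the scheme to use.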