Difference between revisions of "Knowledge:Ldap examples"
Line 3: | Line 3: | ||
=== case openldap === | === case openldap === | ||
− | Take a look at: '''ldap://192.168.0.13:389/dc=macroct,dc=com''' which filter all ldap connection to this node. Then <beans:constructor-arg value="'''ou=roles'''"/> really points to <beans:constructor-arg value="'''ou=roles,dc=macroct,dc=com'''"/> | + | Take a look at: '''ldap://192.168.0.13:389/dc=macroct,dc=com''' which filter all ldap connection to this node. Then : |
+ | * <beans:constructor-arg value="'''ou=roles'''"/> really points to <beans:constructor-arg value="'''ou=roles,dc=macroct,dc=com'''"/> | ||
+ | * <beans:constructor-arg index="0" value="'''ou=organization'''" /> to <beans:constructor-arg index="0" value="'''ou=organization,dc=macroct,dc=com'''" /> | ||
User dn are like '''cn=Manager,dc=macroct,dc=com''' | User dn are like '''cn=Manager,dc=macroct,dc=com''' | ||
Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="'''memberUid={1}'''"/> | Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="'''memberUid={1}'''"/> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
The configuration | The configuration | ||
Line 58: | Line 54: | ||
=== unknow ldap === | === unknow ldap === | ||
− | Take a look at ldap://192.168.17.40:389/'''dc=mnemo,dc=net''' indicates the default node, then <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO'''"/> really points to <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net'''"/> | + | Take a look at ldap://192.168.17.40:389/'''dc=mnemo,dc=net''' indicates the default node, then: |
+ | * <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO'''"/> really points to <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net'''"/> | ||
In this case group parameter is 0 <beans:property name="groupSearchFilter" value="'''uniqueMember={0}'''"/> | In this case group parameter is 0 <beans:property name="groupSearchFilter" value="'''uniqueMember={0}'''"/> |
Revision as of 19:02, 10 October 2012
Vocabulary
dn is Distinguised Name
case openldap
Take a look at: ldap://192.168.0.13:389/dc=macroct,dc=com which filter all ldap connection to this node. Then :
- <beans:constructor-arg value="ou=roles"/> really points to <beans:constructor-arg value="ou=roles,dc=macroct,dc=com"/>
- <beans:constructor-arg index="0" value="ou=organization" /> to <beans:constructor-arg index="0" value="ou=organization,dc=macroct,dc=com" />
User dn are like cn=Manager,dc=macroct,dc=com
Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="memberUid={1}"/>
The configuration
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.0.13:389/dc=macroct,dc=com"/>
<beans:property name="userDn" value="cn=Manager,dc=macroct,dc=com"/>
<beans:property name="password" value="*****"/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"></beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=roles"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=organization" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
unknow ldap
Take a look at ldap://192.168.17.40:389/dc=mnemo,dc=net indicates the default node, then:
- <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/> really points to <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/>
In this case group parameter is 0 <beans:property name="groupSearchFilter" value="uniqueMember={0}"/>
User dn are like uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net
Group cn=ROL_USER,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net has a property called uniqueMember with some user dn, like uniqueMember=uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.17.40:389/dc=mnemo,dc=net"/>
<beans:property name="userDn" value="uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/>
<beans:property name="password" value="123abc..."/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/>
<beans:property name="groupSearchFilter" value="uniqueMember={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>