Posted to user@shiro.apache.org by iyya <ka...@gmail.com> on 2011/10/07 00:06:11 UTC

Question on ldap authentication using shiro

Hi

I am implementing Shiro security in our application. I have the below
entries in shiro.ini

[main]
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
ldapRealm.contextFactory.url = ldaps://ldap url:port
ldapRealm.contextFactory.systemUsername = cn=acc
ldapRealm.contextFactory.systemPassword=password

It never connects or gives connection exceptions. I enabled debug logging for
the Shiro packages, but nothing was logged. Is something wrong with the above
configuration? Does 'ldaps:' need any SSL configuration?

I have Java code as follows:
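import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public void login(String username, String password) {
    UsernamePasswordToken token;
    token = new UsernamePasswordToken(username, password);
    token.setRememberMe(true);
    // Subject for the calling thread, backed by the configured SecurityManager
    Subject currentUser = SecurityUtils.getSubject();
    // Throws AuthenticationException if the realm rejects the credentials
    currentUser.login(token);
}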

Is this enough, or do I have to implement a custom realm class and its
methods like getAuthenticationInfo()? From the document I understood that it
is invoked by default.


Please note this LDAP authentication works fine through Spring Security as
below:

springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups, o=myCompany'
springsecurity.ldap.search.base = 'o=myCompany'
springsecurity.ldap.context.server = 'ldaps://ldap url:port'
springsecurity.ldap.search.filter = '(uid={0})'
springsecurity.ldap.authorities.groupSearchFilter = 'uniqueMember={0}'
springsecurity.ldap.context.referral = 'follow'
springsecurity.ldap.context.managerDn = 'cn=acc,ou=users'
springsecurity.ldap.context.managerPassword = 'password'


Am I missing the setup of search.base and groupSearchBase? If so,
how do I do that?

Please show me some samples. Thanks!


--
View this message in context: http://shiro-user.582556.n2.nabble.com/Question-on-ldap-authentication-using-shiro-tp6867533p6867533.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Question on ldap authentication using shiro

Posted by iyya <ka...@gmail.com>.
Yes, I had the below lines in my shiro.ini.

[main]
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
ldapRealm.contextFactory.url = ldaps://ldap url:port
ldapRealm.contextFactory.systemUsername = cn=acc
ldapRealm.contextFactory.systemPassword=password

#securityManager.realms = $ldapRealm

After a few tries, I commented this out and then tried in Java code.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Question-on-ldap-authentication-using-shiro-tp6867533p6868498.html
Sent from the Shiro User mailing list archive at Nabble.com.
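
The following is an added example, not part of the original posts and not code from the Shiro project: it wires the same JndiLdapRealm settings from the shiro.ini above in Java and prints the full cause chain of a failed login, so a connection or TLS failure is visible even when nothing is logged. The class name LdapLoginCheck, the host ldap.example.invalid:636 and the LDAP_SYSTEM_PASSWORD environment variable are assumptions; the calls are the Shiro 1.x API.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.subject.Subject;

public class LdapLoginCheck { // hypothetical class name
    public static void main(String[] args) {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: LdapLoginCheck <username> (run from a terminal)");
            return;
        }
        // Same settings as the [main] section; the URL is a constructed placeholder.
        JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
        contextFactory.setUrl("ldaps://ldap.example.invalid:636");
        contextFactory.setSystemUsername("cn=acc");
        // Assumption: the system password comes from the environment, not the source.
        contextFactory.setSystemPassword(System.getenv("LDAP_SYSTEM_PASSWORD"));

        JndiLdapRealm realm = new JndiLdapRealm();
        realm.setUserDnTemplate("uid={0},ou=users,dc=mycompany,dc=com");
        realm.setContextFactory(contextFactory);

        // Explicitly hand the realm to the SecurityManager used by SecurityUtils.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        char[] password = System.console().readPassword("Password: ");
        Subject subject = SecurityUtils.getSubject();
        try {
            // The realm binds to the directory as the DN built from userDnTemplate.
            subject.login(new UsernamePasswordToken(args[0], password));
            System.out.println("authenticated: " + subject.getPrincipal());
        } catch (AuthenticationException e) {
            // Shiro wraps the JNDI NamingException; walk the chain to the root cause.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.err.println(t.getClass().getName() + ": " + t.getMessage());
            }
        } finally {
            java.util.Arrays.fill(password, '\0'); // do not keep the password in memory
            subject.logout();
        }
    }
}
```

With an ldaps:// URL, JNDI validates the server certificate against the JVM's default trust store, so an untrusted directory certificate appears in this output as a javax.naming.CommunicationException caused by an SSLHandshakeException.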