Posted to user@shiro.apache.org by iyya <ka...@gmail.com> on 2011/10/07 00:06:11 UTC
Question on ldap authentication using shiro
Hi
I am implementing Shiro security in our application. I have the below
entries in shiro.ini
    [main]
    ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
    ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
    ldapRealm.contextFactory.url = ldaps://ldap url:port
    ldapRealm.contextFactory.systemUsername = cn=acc
    ldapRealm.contextFactory.systemPassword = password
It never connects or gives connection exceptions. I enabled debug logging for
the Shiro packages, but nothing is logged. Is something wrong with the above
configuration? Does 'ldaps:' need any SSL configuration?
I have the Java code as follows:
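    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;

    public void login(String username, String password) {
        // Wrap the submitted credentials and hand them to the current Subject
        UsernamePasswordToken token;
        token = new UsernamePasswordToken(username, password);
        token.setRememberMe(true);
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(token);
    }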
Is this enough, or do I have to implement a custom realm class and its
methods like getAuthenticationInfo()? From the document I understood that it
is invoked by default.
Please note this LDAP authentication works fine through Spring Security as
below:
springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups, o=myCompany'
springsecurity.ldap.search.base = 'o=myCompany'
springsecurity.ldap.context.server = 'ldaps://ldap url:port'
springsecurity.ldap.search.filter = '(uid={0})'
springsecurity.ldap.authorities.groupSearchFilter = 'uniqueMember={0}'
springsecurity.ldap.context.referral = 'follow'
springsecurity.ldap.context.managerDn = 'cn=acc,ou=users'
springsecurity.ldap.context.managerPassword = 'password'
Am I missing the setup of search.base and groupSearchBase? If so,
how do I do that?
Please show me some samples. Thanks!
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Question-on-ldap-authentication-using-shiro-tp6867533p6867533.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Question on ldap authentication using shiro
Posted by iyya <ka...@gmail.com>.
Yes, I had the line below in my shiro.ini.
[main]
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
ldapRealm.contextFactory.url = ldaps://ldap url:port
ldapRealm.contextFactory.systemUsername = cn=acc
ldapRealm.contextFactory.systemPassword=password
#securityManager.realms = $ldapRealm
After a few tries, I commented this out and then tried in Java code.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Question-on-ldap-authentication-using-shiro-tp6867533p6868498.html
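The following is an added diagnostic example, not code from the thread or from the Shiro project. It shows how the shiro.ini above is loaded and how a failed login can be traced to either the ldaps:// connection or the credentials. It assumes the Shiro 1.x API, a shiro.ini on the classpath with a real host and port in contextFactory.url, and a JVM trust store that already trusts the LDAP server's certificate; the class name ShiroLdapLoginCheck is hypothetical.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

import java.util.Collection;

// Added example: hypothetical stand-alone check, Shiro 1.x API assumed.
public class ShiroLdapLoginCheck {
    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: ShiroLdapLoginCheck <username> <password>");
            System.exit(2);
        }
        // In a stand-alone program the SecurityManager must be built from
        // shiro.ini and registered before SecurityUtils.getSubject() is used.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        // Show which realms were actually wired in, so a missing ldapRealm is visible.
        Collection<Realm> realms = ((RealmSecurityManager) securityManager).getRealms();
        if (realms == null || realms.isEmpty()) {
            System.err.println("No realm configured: login() cannot reach LDAP.");
            System.exit(1);
        }
        for (Realm realm : realms) {
            System.out.println("realm: " + realm.getName() + " (" + realm.getClass().getName() + ")");
        }

        Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.login(new UsernamePasswordToken(args[0], args[1].toCharArray()));
            System.out.println("authenticated: " + currentUser.getPrincipal());
            currentUser.logout();
        } catch (AuthenticationException e) {
            // Walk the cause chain: a JNDI communication or TLS handshake error
            // points at the ldaps:// connection rather than at the credentials.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.err.println(t.getClass().getName() + ": " + t.getMessage());
            }
            System.exit(1);
        }
    }
}
```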