You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Wu, James C." <Ja...@disney.com> on 2013/04/12 17:43:07 UTC
add ldap entry in apacheds within simple authentication module
Hi,
I am trying to override the simple LDAP authentication with a customer
external authentication source. After the external authentication
succeeds, I would like to insert the principal into the apacheds ldap
store.
I do not want to bind to apacheds as admin in the simple authentication
module as it seems to be absurd because simple authentication module is
already within the server process, it should be able to made changes to
the ldap store directly. I don't want to by-pass all interceptors though,
because I want the kerberos keys to be generated automatically by the
kerberos key derivation service.
Does anyone know how to do this?
Regards,
James
RE: add ldap entry in apacheds within simple authentication module
Posted by "Wu, James C." <Ja...@disney.com>.
Hi,
I got into a problem using the suggested approach. The authentication module is used in the bind process, which sets a read lock on the ldap store at the beginning before it reaches the authentication module. In order to insert new entries, a write lock is required. However, given that at the beginning of the binding process, there is already a read-lock, it is impossible to get a write lock.
Is there any other place or classes/interceptors, I can overwrite to achieve the goal?
james
From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf Of Kiran Ayyagari
Sent: Friday, April 12, 2013 9:01 AM
To: Apache Directory Developers List
Subject: Re: add ldap entry in apacheds within simple authentication module
On Fri, Apr 12, 2013 at 9:13 PM, Wu, James C. <Ja...@disney.com>> wrote:
Hi,
I am trying to override the simple LDAP authentication with a customer
external authentication source. After the external authentication
succeeds, I would like to insert the principal into the apacheds ldap
store.
I do not want to bind to apacheds as admin in the simple authentication
module as it seems to be absurd because simple authentication module is
already within the server process, it should be able to made changes to
the ldap store directly. I don't want to by-pass all interceptors though,
because I want the kerberos keys to be generated automatically by the
kerberos key derivation service.
Does anyone know how to do this?
just inject your custom authenticator and use the admin CoreSession from DirectoryService to inject
the required entry after authentication succeeds
Regards,
James
--
Kiran Ayyagari
http://keydap.com
Re: add ldap entry in apacheds within simple authentication module
Posted by Kiran Ayyagari <ka...@apache.org>.
On Fri, Apr 12, 2013 at 9:13 PM, Wu, James C. <Ja...@disney.com> wrote:
> Hi,
>
> I am trying to override the simple LDAP authentication with a customer
> external authentication source. After the external authentication
> succeeds, I would like to insert the principal into the apacheds ldap
> store.
>
> I do not want to bind to apacheds as admin in the simple authentication
> module as it seems to be absurd because simple authentication module is
> already within the server process, it should be able to made changes to
> the ldap store directly. I don't want to by-pass all interceptors though,
> because I want the kerberos keys to be generated automatically by the
> kerberos key derivation service.
>
> Does anyone know how to do this?
>
just inject your custom authenticator and use the admin CoreSession from
DirectoryService to inject
the required entry after authentication succeeds
>
> Regards,
>
> James
>
>
--
Kiran Ayyagari
http://keydap.com