Posted to dev@directory.apache.org by ch...@lhsystems.com on 2005/06/15 16:34:05 UTC
WG: [server] writing my own authenticator
Hi everyone,
I've written my own authenticator extending org.apache.ldap.server.authn.AbstractAuthenticator. Everything works fine so far. But now I need to know the remote host which the request was sent from. Is there a way to get this piece of information?
This information would also be useful in classes implementing org.apache.ldap.server.ContextPartition. Is there any kind of session information at this point accessible from there?
Thanks for the good work you've done.
Best regards
Christian
Re: WG: [server] writing my own authenticator
Posted by Alex Karasulu <ao...@bellsouth.net>.
christian.huebert@lhsystems.com wrote:
>Hi everyone,
>
>I've written my own authenticator extending org.apache.ldap.server.authn.AbstractAuthenticator. Everything works fine so far. But now I need to know the remote host which the request was sent from. Is there a way to get this piece of information?
>
>
Not at the moment. See there is a catch here because the store may be
embedded but may not be accessed via LDAP but by non-LDAP based JNDI
operations from the embedding program. So the backend subsystems should
remain free of IP information. However a type free hash can be used to
pass this information back to the backend and make info available wrt
LDAP line protocol info and IP info.
I think the best way to achieve this is through the JNDI environment
itself. This however means environment parameters must be passed around
or the JNDI context must be available to access the environment.
Authenticators have the following signature:
public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;
So we're good if the protocol provider stuffs this extra information
into the environment of the context. We can make the changes but how
should we manage the keys?
What do you want in there? Would you like to make the changes yourself
and see if it works?
>This information would also be useful in classes implementing org.apache.ldap.server.ContextPartition. Is there any kind of session information at this point accessible from there?
>
>
IMHO the context can contain a session object too but this is not about
session information at this point. It's more request level needed to
establish session right, after all you are authenticating and doing an
LDAP bind operation. WDYT?
Alex
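The approach discussed in this thread, sketched as an added example (not code from the thread or from the Directory project): the protocol provider puts the peer address into the JNDI environment, and an authenticator reads it back, treating a missing key as embedded, non-LDAP access. The key name, the helper names and the private-network-only policy are assumptions made for illustration; a real authenticator would obtain the table from the context's standard JNDI getEnvironment().

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

public class RemoteAddressEnvDemo {
    // Hypothetical key name; the thread leaves key management open.
    static final String REMOTE_ADDR_KEY = "example.ldap.remote.address";

    // Protocol-provider side: copy the environment for this request and record
    // the peer of the accepted socket, replacing any value already under the key.
    static Hashtable<String, Object> forLdapRequest(Hashtable<String, Object> base,
                                                    InetSocketAddress peer) {
        Hashtable<String, Object> env = new Hashtable<>(base);
        env.put(REMOTE_ADDR_KEY, peer.getAddress());
        return env;
    }

    // Authenticator side: the check a custom authenticate( ctx ) could run on the
    // context's environment. The backend stays free of IP handling otherwise.
    static String checkOrigin(Hashtable<?, ?> env) throws NamingException {
        Object value = env.get(REMOTE_ADDR_KEY);
        if (value == null) {
            return "embedded";  // non-LDAP JNDI call from the embedding program
        }
        if (!(value instanceof InetAddress)) {
            throw new AuthenticationException("malformed remote address entry");
        }
        InetAddress addr = (InetAddress) value;
        // Assumed policy for the example: accept binds from loopback or private ranges only.
        if (!addr.isLoopbackAddress() && !addr.isSiteLocalAddress()) {
            throw new AuthenticationException("bind refused from " + addr.getHostAddress());
        }
        return addr.getHostAddress();
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> base = new Hashtable<>();
        // Constructed sample peers: literal addresses, so no DNS lookup happens.
        InetSocketAddress internal = new InetSocketAddress("10.0.0.5", 40000);
        InetSocketAddress external = new InetSocketAddress("192.0.2.10", 40000);
        System.out.println(checkOrigin(base));
        System.out.println(checkOrigin(forLdapRequest(base, internal)));
        try {
            checkOrigin(forLdapRequest(base, external));
        } catch (AuthenticationException e) {
            System.out.println(e.getMessage());
        }
    }
}
```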