Posted to dev@directory.apache.org by ch...@lhsystems.com on 2005/06/15 16:34:05 UTC

WG: [server] writing my own authenticator

Hi everyone,

I've written my own authenticator extending org.apache.ldap.server.authn.AbstractAuthenticator. Everything works fine so far. But now I need to know the remote host which the request was sent from. Is there a way to get this piece of information?

This information would also be useful in classes implementing org.apache.ldap.server.ContextPartition. Is there any kind of session information at this point accessible from there?

Thanks for the good work you've done.

Best regards
Christian

Re: WG: [server] writing my own authenticator

Posted by Alex Karasulu <ao...@bellsouth.net>.
christian.huebert@lhsystems.com wrote:

>Hi everyone,
>
>I've written my own authenticator extending org.apache.ldap.server.authn.AbstractAuthenticator. Everything works fine so far. But now I need to know the remote host which the request was sent from. Is there a way to get this piece of information?
>  
>
Not at the moment.  See there is a catch here because the store may be 
embedded but may not be accessed via LDAP but by non-LDAP based JNDI 
operations from the embedding program.  So the backend subsystems should 
remain free of IP information.  However a type free hash can be used to 
pass this information back to the backend and make info available wrt 
LDAP line protocol info and IP info.

I think the best way to achieve this is through the JNDI environment 
itself.  This however means environment parameters must be passed around 
or the JNDI context must be available to access the environment.

Authenticators have the following signature:

    public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;

So we're good if the protocol provider stuffs this extra information 
into the environment of the context.  We can make the changes but how 
should we manage the keys?

What do you want in there?  Would you like to make the changes yourself 
and see if it works?
 

>This information would also be useful in classes implementing org.apache.ldap.server.ContextPartition. Is there any kind of session information at this point accessible from there?
>  
>
IMHO the context can contain a session object too but this is not about 
session information at this point.  It's more request level needed to 
establish session right, after all you are authenticating and doing an 
LDAP bind operation.  WDYT?

Alex
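
A sketch of the approach discussed in the reply above, added here as an example and not part of the thread or of the server's code: the protocol provider places the peer address in the environment, and the authenticator reads it back, treating a missing entry as embedded, non-LDAP JNDI access. The key name, class and helper methods are hypothetical, and it assumes the context passed to `authenticate` exposes the standard JNDI `Context.getEnvironment()`.

```java
import java.net.InetSocketAddress;
import java.util.Hashtable;

public class RemoteAddressEnvDemo {
    // Hypothetical key name; the thread leaves key management open.
    static final String REMOTE_ADDR_KEY = "example.ldap.remote.address";

    // Protocol-provider side: build the environment handed to the backend
    // for one bind. Any value already stored under the key is discarded,
    // so only the socket-derived address can reach the authenticator.
    static Hashtable<String, Object> withRemoteAddress(
            Hashtable<String, Object> callerEnv, InetSocketAddress peer) {
        Hashtable<String, Object> env = new Hashtable<>(callerEnv);
        env.remove(REMOTE_ADDR_KEY);
        if (peer != null) {
            env.put(REMOTE_ADDR_KEY, peer);
        }
        return env;
    }

    // Authenticator side: what authenticate( ServerContext ctx ) could do
    // with ctx.getEnvironment(). Returns null when no LDAP connection is
    // behind the request (embedded JNDI access) or the entry is unusable.
    static String remoteHost(Hashtable<?, ?> env) {
        Object value = env.get(REMOTE_ADDR_KEY);
        if (value instanceof InetSocketAddress) {
            InetSocketAddress addr = (InetSocketAddress) value;
            if (!addr.isUnresolved()) {
                return addr.getAddress().getHostAddress();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample input: an environment that already carries a
        // value under the key, and a peer address from a documentation range.
        Hashtable<String, Object> callerEnv = new Hashtable<>();
        callerEnv.put(REMOTE_ADDR_KEY, "10.0.0.1");
        InetSocketAddress peer = new InetSocketAddress("192.0.2.10", 40000);

        // LDAP request: the address taken from the connection wins.
        System.out.println(remoteHost(withRemoteAddress(callerEnv, peer)));
        // Embedded JNDI call: no peer, so the authenticator sees no address.
        System.out.println(remoteHost(withRemoteAddress(callerEnv, null)));
    }
}
```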