LDAP authentification with username and password

[Stephanie Zohner <st...@gmx.at>]

Hi,

I make use of the LDAP transformer for authentification in my web
application.

When I understood the documentation right then Authentification requires 2
steps:

1. get all necessary user data (username & password) from all users in LDAP
2. Compare the username/password provided with the login with all data sets
retrieved from LDAP, if there is a match, the authenfification was
successful.

Is that right?

Here's my problem then.

I can retrieve both, username and password, but how can I compare the
passwords. The password retrieved from LDAP is encrypted. So in order to
compare
them, I need to encrypt the password on Cocoon side with the same algoithm,
right.
Where do I get the encryption algorithm from?

I guess that almost everybody who does authentication with LDAP must have
had the problem, so how did you solve it?

Please if there are any solution out there, post them, I guess, it could be
very helpful for a lot of members (maybe it's worth a wiki contribution?).

Thanks Stephanie

-- 
NEU F�R ALLE - GMX MediaCenter - f�r Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gru�, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse f�r Mail, Message, More! +++


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: LDAP authentification with username and password

[Yury Mikhienko <Yu...@mobicomk.ru>]

Can you use another way?
For example (one step):

Try get the some attribute (uid, for example) from LDAP (with LDAPTransformer):

      <ldap:initializer>com.sun.jndi.ldap.LdapCtxFactory</ldap:initializer>
      <ldap:serverurl>ldap://ldaphost</ldap:serverurl>
      <ldap:port>389</ldap:port>
      <ldap:scope>ONELEVEL_SCOPE</ldap:scope>
      <ldap:rootdn>uid=<xsp:expr>request.getParameter("username")</xsp:expr>,ou=people,o=mycompany</ldap:rootdn>
      <ldap:password><xsp:expr>request.getParameter("password")</xsp:expr></ldap:password>
      <ldap:attribute>title</ldap:attribute>
      <ldap:attribute>mobile</ldap:attribute>
      <ldap:attribute>cn</ldap:attribute>
      <ldap:attribute>uid</ldap:attribute>
      <ldap:show-attribute>true</ldap:show-attribute>
     </ldap:execute-query>


> Hi,
> 
> I make use of the LDAP transformer for authentification in my web
> application.
> 
> When I understood the documentation right then Authentification requires 2
> steps:
> 
> 1. get all necessary user data (username & password) from all users in LDAP
> 2. Compare the username/password provided with the login with all data sets
> retrieved from LDAP, if there is a match, the authenfification was
> successful.
> 
> Is that right?
> 
> Here's my problem then.
> 
> I can retrieve both, username and password, but how can I compare the
> passwords. The password retrieved from LDAP is encrypted. So in order to
> compare
> them, I need to encrypt the password on Cocoon side with the same algoithm,
> right.
> Where do I get the encryption algorithm from?
> 
> I guess that almost everybody who does authentication with LDAP must have
> had the problem, so how did you solve it?
> 
> Please if there are any solution out there, post them, I guess, it could be
> very helpful for a lot of members (maybe it's worth a wiki contribution?).
> 
> Thanks Stephanie


-- 
 
Best regards,
Yury Mikhienko.
IT ERP group head, ZAO "Mobikom-Kavkaz"

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: LDAP authentification with username and password

[Rod Giffin <ro...@giffinscientific.com>]

Stephanie Zohner said:
> Hi,
>
> I make use of the LDAP transformer for authentification in my web
> application.
>
> When I understood the documentation right then Authentification requires
> 2 steps:
>
> 1. get all necessary user data (username & password) from all users in
> LDAP 2. Compare the username/password provided with the login with all
> data sets retrieved from LDAP, if there is a match, the authenfification
> was successful.
>
> Is that right?
>
> Here's my problem then.
>
> I can retrieve both, username and password, but how can I compare the
> passwords. The password retrieved from LDAP is encrypted. So in order to
> compare
> them, I need to encrypt the password on Cocoon side with the same
> algoithm, right.
> Where do I get the encryption algorithm from?

Hi Stephanie, I'm afraid you have some reading to do.  This is a very big
issue that can't really be handled by e-mail. You do not have to encrypt
the password on the Cocoon side, in fact you shouldn't. What you should do
instead is let the LDAP server authenticate your user based on the
information you pass.  You'll need an API to do this.  At the moment the
best choice is the JLDAP api available from Novell.

http://developer.novell.com/ndk/ldap-index.htm.

There are code examples as well, so you can see how things are done, but I
suggest reading the documentation quite carefully.

Rod.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org