Thursday, May 3, 2018

LDAP Configuration with Shiro:


What is LDAP?

LDAP (Lightweight Directory Access Protocol) is an industry-standard, client-server protocol for talking to directory services. It runs on top of the TCP/IP stack (port 389 by default, 636 for LDAP over TLS) and lets a client connect to a directory server and search, read and modify the entries the server holds. A directory server stores its information as a tree of entries (the directory information tree); each entry is identified by a distinguished name (DN) such as cn=jdoe,ou=users,dc=example,dc=com. Clients send requests asking the server to return entries or to perform an operation on a particular entry. The bind operation, which establishes the client's identity to the server, is what Shiro uses to verify a user's password.

  • Configuring LDAP with Shiro: out of the box Shiro supports LDAP through the JndiLdapRealm class (from Shiro 1.3 onwards it is a deprecated alias of DefaultLdapRealm, which has the same API, so either class works for the steps below).
           import org.apache.shiro.realm.ldap.JndiLdapRealm;

Step 1: 

Create a custom realm class that extends JndiLdapRealm. Steps 2 and 3 add members to this class.

public class LdapRealmSample extends JndiLdapRealm {
    // doGetAuthenticationInfo (Step 2) and getUpdatedContextFactory (Step 3) go here
}


Step 2: 

Shiro consults the configured realms when authenticating and calls each realm's doGetAuthenticationInfo. Override it in your custom class as below. The userDn field holds the base DN under which the user entries live (ou=users,dc=example,dc=com is an example value); {0} in the template is replaced by the submitted username to form the DN that Shiro binds as.

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;

// Base DN of the user subtree; {0} becomes the username at login time.
private String userDn = "ou=users,dc=example,dc=com";

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Both setters are idempotent; they could equally be called once from the constructor.
    super.setUserDnTemplate("cn={0}," + userDn);          // userDn: directory location of the user entries
    super.setContextFactory(getUpdatedContextFactory()); // server details, see Step 3
    try {
        AuthenticationInfo info = super.doGetAuthenticationInfo(token);
        return info;
    } catch (Exception e) {
        e.printStackTrace();
        // Rethrow so Shiro reports a failed login; the method must not fall through without a return.
        throw new AuthenticationException("LDAP authentication failed", e);
    }
}

Step 3: 

Setting the context factory on JndiLdapRealm:

The JndiLdapRealm needs a JndiLdapContextFactory that carries the LDAP server details (URL, authentication mechanism, timeouts and, optionally, a system account). Build it in a helper method; each setting is explained below and the complete method appears at the end of this step.

           import org.apache.shiro.realm.ldap.JndiLdapContextFactory;

           private JndiLdapContextFactory context;

           public JndiLdapContextFactory getUpdatedContextFactory() {
               context = new JndiLdapContextFactory();
               // remaining settings follow

  • Authentication mechanism used to bind to the LDAP server: LDAP supports three kinds of bind: anonymous, simple and SASL. A client that sends an LDAP request without doing a bind is treated as an anonymous client. A simple bind sends the server the fully qualified DN of the user and the user's clear-text password, so anyone on the network path can read the password unless the connection is encrypted. If you use simple binds, use them only over TLS: with JndiLdapContextFactory the straightforward way is an ldaps:// URL (port 636 by default), provided the server supports it. The value passed to setAuthenticationMechanism is the JNDI java.naming.security.authentication value: "none", "simple" (the factory's default) or a SASL mechanism name such as "DIGEST-MD5" or "GSSAPI".
         context.setAuthenticationMechanism("simple");


  • HostName: hostname or IP address of the machine where the LDAP server is installed.
  • PortNumber: port the LDAP server listens on (389 for plain ldap://, 636 for ldaps://).
      To confirm on Linux that the server is running, and which port it listens on:

              ps -ef | grep -i ldap      # shows the server process (slapd for OpenLDAP) but not its port
              ss -ltnp                   # lists listening TCP ports with their owning process; look for the LDAP server

             String url = "ldap://" + hostName + ":" + portNumber;   // use ldaps:// outside a trusted network
             context.setUrl(url);
  • TimeOut: how long to wait for the LDAP server, in milliseconds. JNDI has two separate settings: com.sun.jndi.ldap.connect.timeout (establishing the TCP connection) and com.sun.jndi.ldap.read.timeout (waiting for a reply, which includes the bind result). Both must be given as String values, not integers. Without them a hung or unreachable server blocks the login thread indefinitely.
           context.getEnvironment().put("com.sun.jndi.ldap.connect.timeout", "5000");
           context.getEnvironment().put("com.sun.jndi.ldap.read.timeout", "5000");


  • UserName: DN of a system (service) account created on the LDAP server.
  • Password: password of that account. These are server-level credentials, not the credentials of the user logging in: Shiro binds as this account for work done on the application's behalf, such as authorization lookups through getSystemLdapContext(). Plain authentication binds with the user's own DN and password and does not need it. Give the account read-only rights and load the password from configuration or a secret store rather than hardcoding it. In the snippet, ldap stands for whatever object holds your settings.
           if (ldap.getSystemUserName() != null) {
               context.setSystemUsername(ldap.getSystemUserName());
           }
           if (ldap.getSystemUserPassword() != null) {
               context.setSystemPassword(ldap.getSystemUserPassword());
           }


  • The whole context factory setup then looks like this (hostName, portNumber and ldap are your own configuration values):

       public JndiLdapContextFactory getUpdatedContextFactory() {
             context = new JndiLdapContextFactory(); 
             context.setAuthenticationMechanism("simple"); 
             String url = "ldap://" + hostName + ":" + portNumber;   // prefer ldaps:// outside a trusted network
             context.setUrl(url); 
             context.getEnvironment().put("com.sun.jndi.ldap.connect.timeout", "5000");
             context.getEnvironment().put("com.sun.jndi.ldap.read.timeout", "5000");
             if (ldap.getSystemUserName() != null) {
                 context.setSystemUsername(ldap.getSystemUserName()); 
             }
             if (ldap.getSystemUserPassword() != null) { 
                 context.setSystemPassword(ldap.getSystemUserPassword());
             } 
             return context;
       } 
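The three steps above folded into one complete realm class, as an added example that is not code from the original post or from the Shiro project. Server details are set once in the constructor instead of on every login; the URL uses ldaps:// so the simple-bind password never crosses the network in clear text; both JNDI timeouts are set as strings; and two checks a practitioner would want are done before the bind: usernames are restricted to characters that cannot alter the DN built from the template, and an empty password is rejected, because RFC 4513 section 5.1.2 lets a server treat a simple bind with a DN and an empty password as an anonymous bind that still reports success. The host name, port, base DNs, service-account DN and the LDAP_SYSTEM_PASSWORD environment variable are assumed placeholder values, and the main method needs a reachable directory server.

```java
import java.util.Map;
import java.util.regex.Pattern;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.subject.Subject;

/**
 * Example realm: Steps 1-3 of the post in one class. Every server detail
 * below is an assumed placeholder, not a setting of any real directory.
 */
public class LdapRealmSample extends JndiLdapRealm {

    // Assumed values: replace with your own server and directory layout.
    private static final String LDAP_HOST = "ldap.example.com";
    private static final int LDAPS_PORT = 636;                 // LDAP over TLS
    private static final String USER_BASE_DN = "ou=users,dc=example,dc=com";
    private static final String SYSTEM_USER_DN = "cn=shiro-svc,ou=services,dc=example,dc=com";
    private static final String TIMEOUT_MS = "5000";           // JNDI expects a String here

    // The username is substituted into the DN template without escaping, so only
    // allow characters that cannot change the DN (no ',', '=', '+', '"', '\\', '<', '>', ';').
    private static final Pattern SAFE_USERNAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    public LdapRealmSample(String systemPassword) {
        // Configure once here rather than on every authentication call.
        setUserDnTemplate("uid={0}," + USER_BASE_DN);
        setContextFactory(buildContextFactory(systemPassword));
    }

    /** Context factory with TLS, timeouts and an optional read-only service account. */
    static JndiLdapContextFactory buildContextFactory(String systemPassword) {
        JndiLdapContextFactory factory = new JndiLdapContextFactory();
        factory.setAuthenticationMechanism("simple");
        // ldaps:// keeps the clear-text simple-bind password off the wire.
        factory.setUrl("ldaps://" + LDAP_HOST + ":" + LDAPS_PORT);
        Map<String, Object> env = factory.getEnvironment();
        env.put("com.sun.jndi.ldap.connect.timeout", TIMEOUT_MS); // TCP connect
        env.put("com.sun.jndi.ldap.read.timeout", TIMEOUT_MS);    // waiting for the bind/search reply
        if (systemPassword != null && !systemPassword.isEmpty()) {
            // Service account for lookups done on the application's behalf
            // (getSystemLdapContext()); the end user's own bind never uses it.
            factory.setSystemUsername(SYSTEM_USER_DN);
            factory.setSystemPassword(systemPassword);
        }
        return factory;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        if (token instanceof UsernamePasswordToken) {
            UsernamePasswordToken upt = (UsernamePasswordToken) token;
            String username = upt.getUsername();
            char[] password = upt.getPassword();
            if (username == null || !SAFE_USERNAME.matcher(username).matches()) {
                throw new AuthenticationException("username contains characters not allowed in the DN template");
            }
            // RFC 4513 section 5.1.2: a simple bind with a DN and an empty password is an
            // "unauthenticated" bind, which many servers accept as anonymous and report as
            // success. Reject it before it reaches the server.
            if (password == null || password.length == 0) {
                throw new AuthenticationException("empty password rejected");
            }
        }
        // JndiLdapRealm binds as the user's DN with the supplied password and already
        // converts NamingException into AuthenticationException, so no extra try/catch.
        return super.doGetAuthenticationInfo(token);
    }

    /** Wires the realm into a SecurityManager and attempts one login against a live server. */
    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: LdapRealmSample <username> <password>");
            return;
        }
        LdapRealmSample realm = new LdapRealmSample(System.getenv("LDAP_SYSTEM_PASSWORD"));
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(args[0], args[1]));
            System.out.println("authenticated as " + subject.getPrincipal());
        } catch (AuthenticationException e) {
            // Keep the message generic for the caller; the cause belongs in server-side logs.
            System.out.println("login failed");
        }
    }
}
```

The username pattern is deliberately narrow; widen it only if your directory uses other characters in uid values, and then escape them per RFC 4514 before they reach the template rather than trusting the input. Compile and run with shiro-core and slf4j on the classpath; the run will fail with an AuthenticationException (not a crash) when the placeholder host cannot be reached, which is the behaviour the timeouts are there to guarantee.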

Thanks,
Pearl

