I'm trying to use LDAP as a form of authentication for users in my system. Right now I have a login page that after they input their username and password. The system will check the username with the database and then checks their name to match it with the active directory so as to check whether the password matches. However, I'm not sure how to start implementing. So, is there anyone out there that can guide me with links and guides to have a kick start and how to complete this particular function.
Thank you guys so much :)
look at the spring-security-ldap plugin
Related
I would like anyone to go to the server's home page and just see the dashboard—without having an account or logging in. They would have to log in if they wanted to see/do anything else.
Is this even possible?
If it's possible use some plugin based on Matrix Authorization Strategy for example this. Then add read permission for Anonymous Users.
I am using ApacheDS 2.0.0.v20130628,I use Spring security ldap to authenticate users.
For a new user,once user registers an account with the web application an email will be sent to make the account active so that his email will also be verified.Until User clicks on the link sent to his email,User should not be able to Login to the application.So how can I disable the user account till then?
I came across with an attribute on web nsAccountLock,But I am unable to find this attribute in ApacheDS.
I want to know is there anything in ldap-user-service like "active" which is used in a SQL query for JDBC User service in spring security?
Any suggestions as how to go about on this?
nsAccountLock is used to lock accounts in Oracle Directory Server. But not in apache Directory server. even i'm facing the same issue for finding attribute for disabling user in Apache DS. its looks like they havent created any attribute for it.
I have used 'pager' as a option to know if the user is enabled or disabled.
Use the 'pwdAccountLockedTime' operationsl attribute, that's the standard way in Apache DS.
For more details refer
I have a Rails application with devise-like authentication and a lot of parts that depend on it. Now I want to add a chat between users using ejabberd (xmpp). I was searching through net and found that it's quite possible, but I can't understand how to make authorization in ejabberd server. For example user logins in a Rails app through login page with one credentials how to implement ejabberd loggining in this action? It will not be good to write like "please, put your user pw and ejabbered pw". Other way is to monkey-patch users registration, so ejabbered will use the same pw as user in the database and I will make authorization in one action, but will it be good? And how long user will be online in this way? Maybe I misunderstood something?
I've used rails extauth script like this https://github.com/geoiq/digitalgazette/blob/master/mods/chat/files/ejabberd-auth.rb and ruby_bosh gem for my application.
So now ejabberd is using my app to authenticate users. At login (for example) user's jid and password is using by ruby_bosh to make session and get jid, rid and sid saving them to session to use them later in a strophejs.
I'm new to Grails, and have jumped into version 2. I'm developing a project that uses Spring Security 3 - and this is working fine - but I want to use my organisations LDAP server (if / when it is available) to do the following:
authenticate users
update the local user data with details from LDAP
create the user if they don't exist
update the local users password (in case the LDAP server isn't available)
log that user in
I may have skipped a lot of fundamental stuff on my way to getting this working, like actually how Grails works - and I'm struggling to understand how to actually interrupt the Spring Security authentication process with an LDAP lookup, then how to get those details back in a way that I can use them to either update an existing user or create a new one...
I found a basic tutorial here: http://jamesjefferies.com/2011/01/06/grails-spring-security-ldap/ which means I can authenticate myself as a user from the LDAP server - although Spring Security still shows me as logged out, but will not let me log in either until I manually log out... so its kind of in a login-limbo.
The magic is doing my head in... at first I was amazed that I could build an entire web-app with a few commands and a few hours customization - but it's coming back to bite me now - as is the lack of useful examples... and the Spring Security LDAP plugin documentation is somewhat lacking (or maybe its my lack of understanding).
So, primarily I would like some help to complete the authentication so that it checks the user database for an existing user and updates them, or creates the user if they don't exist... but I would also love it if someone could give me a brief overview of the authentication process in Grails so I can understand whats actually happening, and where I should intercept things.
Cheers in advance for any help
Steve
There is a good example here that shows how to implement a custom user details mapper. I used that method on an LDAP login Grails 2.0 app successfully. Basically you have a CustomUserDetailsContextMapper that implements the UserDetailsContextMapper interface which you then use to override the default implementation by registering the bean in conf>spring>resources.groovy. Then inside your CustomUserDetailsContextMapper you check for a user(your domain class) with a matching username and if none exists you creates one using data from the ctx.originalAttrs which contains data from the ldap query results. You must then return a new org.springframework.security.core.userdetails.User. You can extend this class to add other fields that you want to be able to access directly from the principal object.
As the title says: how can I use the Restful Authentication Plugin with Ruby on Rails. When I want to create a new user, it requires me to set the (wrong-named, confusing field) login (= username), email address and password. However, I want, like Facebook does, to require the user to enter only an email address and password, not a username. People will also login with this email address.
Can anyone help me?
Can you hash the email to a unique user-name and just never expose the field to the user?
Restful Authentication includes generators that set up your models and migrations. You're free to edit those as you see fit.
You would just need to edit the validations in the User model for the login field. I'm not sure if the default users table migration include :null=>false for the login field, but that's a simple fix as well.
Set the username and email to the same value?
What BlueRaja says, or use authlogic, which can easily be modified to support what you are trying to achieve.
Also, if you're going to do this, why not go the next step and support OpenId? It's available as an addon to authlogic.
I forked a version of restful auth and modified it to not use usernames. Not thouroughly tested with all options but it passes the tests. Check it out if you want: https://github.com/jamiequint/restful-authentication