Extending LDAPLogin Module

Hi,

The current TC LDAPLoginModule does not suit my needs.

- First off, I cannot expect my users to enter their complete DN in order to log in,
- Secondly, we use iPlanet and I cannot make use of the FormatDN parameter because the DN is different since the LDAP db is organized by location.

For example,

For user = scott, the dn could be uid=scott,ou=Users,ou=LocationA,ou=Engineering,dc=cae,dc=ca

For user = tom, the dn could be uid=tom,ou=Users,ou=LocationB,ou=Administration,dc=cae,dc=ca

I simply want the user to enter "scott" or "tom" in the login box. Since I cannot make use of the FormatDN param, I was thinking that I would have to extend LDAPLoginModule in order to get the param "scott", query LDAP to find the DN for uid=scott and then pass it to LDAPLoginModule.

Has anyone else had this issue? Can the TC dev team give me pointers as to how I can get the login value from the LDAPLoginModule.initialize() params?

Thanks,

Scott


There are plenty of implementations of JAAS LoginModule in the JDK sources.
Specifically, com.sun.security.auth.module.LdapLoginModule (since 1.6) is
a really good and well-documented example. We provide our own module
because of the requirement to be compatible with 1.5. Also, Sun's module
provides a wider range of authentication options than ours.

--
Alexey Gopachenko
JetBrains Inc.
http://www.intellij.com
"Develop with pleasure!"


Thank you for your response. I was able to get it to work.

My problem now is that once I have successfully authenticated against the LDAP directory, TC takes the login name to be the ghastly DN... I'd like the LDAP uid to be the login name. I gather this is handled in the login() method but I do not quite know how to override LDAPLoginModule's method...

Can JetBrains provide that method?

Thanks,

Scott

This is quite a hack, but you can try to modify the authentication Subject's
principals set. Look for the ServerPrincipal instance. Do it right after
a successful login.

--
Alexey Gopachenko
JetBrains Inc.
http://www.intellij.com
"Develop with pleasure!"
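
The approach discussed in this thread (take the short uid, look up its DN, then bind as that DN) as an added example; it is not code from TeamCity or from either poster. The class name, the server URL and the assumption that anonymous search is permitted are hypothetical; the base DN in the comment comes from the sample DNs in the question.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Search-then-bind: resolve a short uid to its DN, then verify the password by binding as that DN. */
public class UidBindAuthenticator {
    private final String url;     // e.g. "ldaps://ldap.example.invalid:636" (placeholder)
    private final String baseDn;  // e.g. "dc=cae,dc=ca" (from the thread's sample DNs)
    public UidBindAuthenticator(String url, String baseDn) { this.url = url; this.baseDn = baseDn; }

    private DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    /** Returns the resolved DN on success; throws AuthenticationException otherwise. */
    public String authenticate(String uid, String password) throws NamingException {
        // An empty password turns a simple bind into an anonymous bind, which succeeds.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty())
            throw new AuthenticationException("uid and password are required");
        String dn;
        DirContext search = connect(null, null); // assumption: anonymous search is permitted
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // users live under per-location OUs
            sc.setCountLimit(2); // enough to detect an ambiguous uid
            // The {0} form lets JNDI escape filter metacharacters in the user-supplied uid.
            NamingEnumeration<SearchResult> hits = search.search(baseDn, "(uid={0})", new Object[] { uid }, sc);
            if (!hits.hasMore()) throw new AuthenticationException("unknown user");
            dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) throw new AuthenticationException("uid is not unique");
        } finally { search.close(); }
        connect(dn, password).close(); // throws AuthenticationException on a bad password
        return dn;
    }
}
```

A custom LoginModule can call `authenticate()` from its `login()` method and keep the typed uid, rather than the returned DN, as the name it records for the user.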
