
OK I got lookup working against multiple servers: it's enough to just
specify a list like
java.naming.provider.url=ldap://ldap.mycompany.com:389 ldap://ldap2.mycompany.com:389 ldap://ldap3.mycompany.com:389

My big question remains though - is there any way to access the full
JAAS functionality - e.g. as described here
http://java.sun.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html

I get the impression that what I'm doing currently is authenticating
directly against the AD server, which means looking for an LDAP node
with the login name that I'm giving, whereas what I need to do is
actually perform a search in the attributes for all LDAP nodes (which
requires a pre-authentication stage as a known user).

I don't know very much about LDAP/AD though, so it's possible there is
just some config option I am missing. I'm trying to achieve validation
of the short user name instead of the full user name; I think the only
way to achieve this is to first of all log in to the AD server as a known
user and then do a search of the directory, looking for a sAMAccountName
which matches the login being tried.

Any hints welcome!
R

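The two-stage lookup the comment describes (bind as a known account, search for the entry whose sAMAccountName matches the login, then bind as that entry with the supplied password), written with plain JNDI as an added example that is not part of the original comment. The class name, base DN and service-account parameters are hypothetical placeholders; the server list reuses the format from the post.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdSearchThenBind {
    // Space-separated failover list as in the post; BASE_DN is a placeholder.
    static final String URLS = "ldap://ldap.mycompany.com:389 ldap://ldap2.mycompany.com:389";
    static final String BASE_DN = "ou=People,dc=mycompany,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URLS);
        // Simple bind over ldap:// sends the password in clear; prefer ldaps:// or StartTLS.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String svcDn, String svcPw, String login, String password)
            throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that can succeed.
        if (login == null || login.isEmpty() || password == null || password.isEmpty()) return false;
        String userDn;
        DirContext svc = bind(svcDn, svcPw);              // stage 1: bind as the known account
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setCountLimit(2);                          // enough to detect an ambiguous match
            sc.setReturningAttributes(new String[0]);     // only the DN is needed
            // JNDI substitutes {0} with filter metacharacters escaped, so the login cannot alter the filter.
            NamingEnumeration<SearchResult> hits = svc.search(BASE_DN,
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] { login }, sc);
            if (!hits.hasMore()) return false;            // no such short name
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;             // more than one entry: fail closed
        } finally {
            svc.close();
        }
        try {
            bind(userDn, password).close();               // stage 2: bind as the entry found
            return true;
        } catch (AuthenticationException e) {
            return false;                                 // wrong password for that entry
        }
    }
}
```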