Hello Dmitriy,

The problem that I have been encountering is org.exist.security.UserImpl.authenticate().  I think that we need to move the current UserImpl into internal and create a new UserImpl under ldap that authenticates against the LDAP server.

Loren

On Jun 17, 2010, at 10:45 PM, Dmitriy Shabanov wrote:

On Thu, 2010-06-17 at 17:59 -0500, Loren Cahlander wrote:
org.exist.security.ldap.SecurityManagerImpl

Can it be org.exist.security.ldap.RealmImpl.java? The design is quite simple: one SecurityManager - several Realms attached to it.

http://exist.svn.sourceforge.net/viewvc/exist/branches/shabanovd/animo/src/org/exist/security/

On an authentication request, the following method in SecurityManager will be called:

    public Account authenticate(String username, Object credentials) throws ExceptionAuthentication {
        Account account = null;
        // Ask each attached realm in turn; the first non-null account wins.
        for (Realm realm : realms.values()) {
            account = realm.authenticate(username, credentials);
            if (account != null)
                return account;
        }
        // No realm returned an account for this username.
        throw new ExceptionAuthentication("User [" + username + "] not found");
    }

As you can see, it will go through all attached realms & try to get an authenticated user account.

-- 
Cheers,

Dmitriy Shabanov
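
Added example, not part of the original messages and not eXist's code: a self-contained sketch of the first-match realm loop quoted above, showing why it matters whether a realm returns null or throws when a user it knows presents a wrong password. The Realm interface, AuthException, the two in-memory realms and all credentials are constructed stand-ins, and the null-versus-throw contract is an assumption.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; these types are simplified stand-ins, not eXist's classes.
public class RealmChainDemo {
    static class AuthException extends Exception {
        AuthException(String msg) { super(msg); }
    }

    interface Realm {
        // Assumed contract: null = user unknown to this realm; throw = known user, bad credentials.
        String authenticate(String user, String password) throws AuthException;
    }

    // In-memory realm standing in for an internal or LDAP-backed store (plaintext only for the demo).
    static Realm realm(String name, Map<String, String> users, boolean strict) {
        return (user, password) -> {
            String expected = users.get(user);
            if (expected == null) return null;               // not this realm's user
            if (expected.equals(password)) return name + ":" + user;
            if (strict) throw new AuthException("Bad credentials for [" + user + "]");
            return null;                                     // lax: falls through to the next realm
        };
    }

    // Same first-match loop as in the message, over an ordered map of realms.
    static String authenticate(Map<String, Realm> realms, String user, String password)
            throws AuthException {
        for (Realm r : realms.values()) {
            String account = r.authenticate(user, password);
            if (account != null) return account;
        }
        throw new AuthException("User [" + user + "] not found");
    }

    public static void main(String[] args) {
        for (boolean strict : new boolean[] {false, true}) {
            Map<String, Realm> realms = new LinkedHashMap<>();
            realms.put("internal", realm("internal", Map.of("admin", "s3cret"), strict));
            realms.put("ldap", realm("ldap", Map.of("admin", "ldap-pw"), strict));
            try {
                System.out.println("strict=" + strict + " -> "
                        + authenticate(realms, "admin", "ldap-pw"));
            } catch (AuthException e) {
                System.out.println("strict=" + strict + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

With lax realms the same username in a later realm is accepted as "ldap:admin"; with strict realms the internal realm's rejection ends the chain, so a duplicate name in LDAP cannot stand in for the internal account.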