Getting roles from LDAP user's group

2009-04-07
2013-05-08
  • Lhomme Thomas
    2009-04-07

    Hi again =)

    Now my application works.
    So now, I want to try getting roles from LDAP:
    Actually, I compare LDAP users from the login page with my jGuardUsersPrincipals.xml.
    My question is whether it is possible to get the user's group from LDAP and associate it with a role.

    Example: user gertrude connects to LDAP, access is okay. In LDAP gertrude is attached to the 'admin' group. Now I want to get this group and add roles automatically. Actually the problem is that if a new user is entered in LDAP, I need to re-populate my jGuardUsersPrincipals.xml file.

    Is there a way to do that?

    Thank you.
    Cheers.

     
    • I guess this feature is not implemented yet. You should extend the login module to get the roles.

      Honestly, I can't figure out why you will use the LDAP groups. The users have the same role in your application that they have in the network?

      []'s
      Vinícius Pitta Lima de Araújo
      http://www.viniciusaraujo.ent

       
    • Lhomme Thomas
      2009-04-07

      Yes, users are in a group, and their access will depend on this group.
      I will try to modify the login module.

       
      • Charles Lescot
        2009-04-08

        Hi,
        I'm interested in your feedback on customization of the JNDILoginModule to grab roles from the directory.

        feel free to post questions or comments on this forum.
        cheers,

        Charles.

         
    • Lhomme Thomas
      2009-04-10

      Youhou, it's working, here is the code sample:

      In my web.xml:
                   <option>
                       <name>addRolesFromDirectory</name>
                       <value>memberOf</value>
                   </option>

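      And in my JNDILoginModule, in the login method:

                  // The option value names the directory attribute that holds the group DN (here: memberOf).
                  if(options.containsKey("addRolesFromDirectory")){
                      String dirFieldName = (String) options.get("addRolesFromDirectory");
                      Iterator it = credentials.iterator();
                      while(it.hasNext()){
                          JGuardCredential jgcred = (JGuardCredential) it.next();
                          if(jgcred.getId().equals(dirFieldName)){
                              String value = (String) jgcred.getValue();
                              // Naive DN split: does not handle escaped commas inside a value.
                              String[] listAll = value.split(",");
                              for(int i=0; i<listAll.length;i++){
                                  String part = listAll[i].trim();
                                  // startsWith avoids an exception on components shorter than two characters
                                  // and no longer matches other attribute types that merely begin with "CN".
                                  if(part.startsWith("CN=")){
                                      // Each CN component becomes a role of the "Carte_Scolaire" application.
                                      RolePrincipal myRolePrincipal = new RolePrincipal(part.substring(3), "Carte_Scolaire");
                                      subject.getPrincipals().add(myRolePrincipal);
                                  }
                              }
                          }
                      }
                  }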

      And now it's okay

      cheers.
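
A stricter way to turn `memberOf` values into role names than splitting on commas, as an added example that is not part of the original post or of jGuard: it parses each DN with the JDK's `javax.naming.ldap.LdapName`, uses only the leaf CN, and accepts only groups under a trusted base DN. The class name, the base DN and the sample values are assumptions constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.*;

public class MemberOfRoles {

    /**
     * Maps memberOf DNs to role names: only the leaf RDN is used, only when it is a
     * single-valued CN, and only for groups located under groupBase.
     */
    static Set<String> rolesFromMemberOf(Collection<String> memberOf, LdapName groupBase) {
        Set<String> roles = new LinkedHashSet<>();
        for (String raw : memberOf) {
            LdapName dn;
            try {
                dn = new LdapName(raw);   // RFC 2253 parser: handles "\," and spaces
            } catch (InvalidNameException e) {
                continue;                 // a malformed value grants nothing
            }
            if (dn.size() <= groupBase.size() || !dn.startsWith(groupBase)) {
                continue;                 // group lives outside the trusted subtree
            }
            Rdn leaf = dn.getRdn(dn.size() - 1);   // leftmost component = the group itself
            if (leaf.size() == 1 && "cn".equalsIgnoreCase(leaf.getType())
                    && leaf.getValue() instanceof String) {
                roles.add((String) leaf.getValue());
            }
        }
        return roles;
    }

    public static void main(String[] args) throws InvalidNameException {
        LdapName base = new LdapName("OU=AppGroups,DC=example,DC=org"); // constructed base DN
        List<String> memberOf = Arrays.asList(                           // constructed sample values
            "CN=admin,OU=AppGroups,DC=example,DC=org",
            "cn=Staff\\, Paris, ou=AppGroups, dc=example, dc=org",
            "CN=Domain Users,CN=Users,DC=example,DC=org",
            "not a dn");
        System.out.println(rolesFromMemberOf(memberOf, base));
        // A plain split(",") on the third value would also have produced a role named "Users".
    }
}
```

The returned names can then be wrapped in `RolePrincipal` objects and added to the subject as in the post above.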

       
  • Shai Ify
    2010-06-21

    Hi spiif,
    If I understand right, you managed to get authentication to work via LDAP. Can you please share your web.xml, JGuardAuthentication.xml and JGuardAuthorization.xml files? Also, how did you modify the login modules to get authentication to work? It would be great if you could share some of the stuff