LDAP authenticates against more than one LDAP or Active Directory server

Problem:

With the new security introduced in Magnolia 4.5, we had to change the LDAP/AD authentication process. Our LDAPAuthenticationModule/ADAuthenticationModule is now closer to JCRAuthenticationModule, but as a result of this change we can authenticate against only one LDAP or Active Directory server.

Goals:

  • Enable authentication against more than one LDAP or Active Directory server
  • Make it possible to use LDAPUserAuthentication and ADUserAuthentication at the same time

Idea:

  • Specify more than one ldap.properties or ad.properties config file in magnolia.properties, one for each LDAP or Active Directory server that we want to use for authentication

Two possible implementations:

1. Use only one property and separate the config files with a specific delimiter
    example: jndi.ldap.config=WEB-INF/config/ldap/ldap.properties | WEB-INF/config/ldap/ldap2.properties

2. Use several UserManagers and specify an ldap/ad property file for each of them
    example: jndi.ldap.config.server1=WEB-INF/config/ldap/ldap1.properties
             jndi.ldap.config.server2=WEB-INF/config/ldap/ldap2.properties
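
Both variants can be resolved to one ordered list of config files, one per server. The following Java class is an added example, not Magnolia's code: the class LdapConfigResolver and its methods are hypothetical, and it assumes magnolia.properties has already been loaded into a java.util.Properties object.

```java
import java.util.*;

public class LdapConfigResolver {
    static final String KEY = "jndi.ldap.config";

    /** Returns the config file paths in the order the servers would be tried. */
    static List<String> resolve(Properties magnoliaProps) {
        Set<String> paths = new LinkedHashSet<>(); // keeps order, drops duplicates

        // Variant 1: a single property, config files separated by '|'.
        // The limit -1 keeps trailing empty parts so they can be rejected below.
        String single = magnoliaProps.getProperty(KEY);
        if (single != null) {
            for (String part : single.split("\\|", -1)) {
                addPath(paths, part, KEY);
            }
        }
        // Variant 2: one property per server, jndi.ldap.config.<name>.
        // Keys are sorted so the order does not depend on Properties' hash order.
        for (String key : new TreeSet<>(magnoliaProps.stringPropertyNames())) {
            if (key.startsWith(KEY + ".")) {
                addPath(paths, magnoliaProps.getProperty(key), key);
            }
        }
        if (paths.isEmpty()) {
            throw new IllegalStateException("no LDAP/AD config file configured");
        }
        return new ArrayList<>(paths);
    }

    private static void addPath(Set<String> paths, String raw, String key) {
        String path = raw.trim();
        if (path.isEmpty()) {
            // A doubled or trailing '|' is a config error: fail at startup
            // instead of silently authenticating against fewer servers.
            throw new IllegalArgumentException("empty config path in " + key);
        }
        paths.add(path);
    }

    public static void main(String[] args) {
        Properties p = new Properties(); // constructed sample, paths from the examples above
        p.setProperty(KEY, "WEB-INF/config/ldap/ldap.properties | WEB-INF/config/ldap/ldap2.properties");
        p.setProperty(KEY + ".server2", "WEB-INF/config/ldap/ldap2.properties");
        p.setProperty(KEY + ".server1", "WEB-INF/config/ldap/ldap1.properties");
        System.out.println(resolve(p));
    }
}
```

The resulting order matters when the same user name exists in more than one directory, because the first server that accepts the credentials decides which account is used.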

2 Comments

  1. Have a look at MGNLLDAP-9@jira, MGNLLDAP-18@jira and MGNLLDAP-20@jira. I would recommend that if we do any work in the areas mentioned above, we also do it "the Magnolia way". There is no reason why all of this could not be configured in the repository like everything else in Magnolia. (either at module-level or at UserManager-level)

  2. If we're moving towards using UserManagers, it makes no sense to keep those property files. Configure several UMs, and configure the ldap properties there.