LDAP authentication against more than one LDAP or Active Directory server
Problem:
With the introduction of the new security in Magnolia 4.5, we had to change the LDAP/AD authentication process. Our LDAPAuthenticationModule/ADAuthenticationModule is now closer to JCRAuthenticationModule, but as a result of this change we can authenticate against only one LDAP or Active Directory server.
Goals:
- Enable authentication against more than one LDAP or Active Directory server
- Make it possible to use LDAPUserAuthentication and ADUserAuthentication at the same time
Idea:
- Specify more than one ldap.properties or ad.properties config file in magnolia.properties, one for each LDAP or Active Directory server that we want to use for authentication
Two possibilities of implementation:
1. Use only one property and separate the config files with a specific delimiter
example: jndi.ldap.config=WEB-INF/config/ldap/ldap.properties | WEB-INF/config/ldap/ldap2.properties
2. Use several UserManagers and a specific ldap/ad property file for each of them
example: jndi.ldap.config.server1=WEB-INF/config/ldap/ldap1.properties
jndi.ldap.config.server2=WEB-INF/config/ldap/ldap2.properties
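A sketch of how both property layouts above could be resolved and tried in order, added here as an illustration and not taken from the Magnolia LDAP module. It uses only plain JNDI; the class name MultiLdapAuth and the userDnPattern key are hypothetical, and each config file is assumed to hold the standard java.naming.provider.url key.

```java
import java.io.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
/** Added illustration, not Magnolia module code. */
public class MultiLdapAuth {
    static final String PREFIX = "jndi.ldap.config"; // property name from the page

    /** Config file paths from option 1 ("a | b") and option 2 (".server1", ".server2"), in key order. */
    static List<String> configFiles(Properties magnolia) {
        List<String> files = new ArrayList<>();
        for (String key : new TreeSet<>(magnolia.stringPropertyNames())) {
            if (!key.equals(PREFIX) && !key.startsWith(PREFIX + ".")) continue;
            for (String path : magnolia.getProperty(key).split("\\|"))
                if (!path.trim().isEmpty()) files.add(path.trim());
        }
        return files;
    }

    /** Returns the config file of the first server that accepts the bind, or null if none does. */
    static String authenticate(List<String> files, String user, char[] password) {
        // Reject empty input: a simple bind with an empty password is an unauthenticated bind.
        if (user == null || user.isEmpty() || password == null || password.length == 0) return null;
        for (String file : files) {
            Properties cfg = new Properties();
            try (InputStream in = new FileInputStream(file)) {
                cfg.load(in);
                String url = cfg.getProperty("java.naming.provider.url"); // standard JNDI key
                String pattern = cfg.getProperty("userDnPattern");        // hypothetical key
                if (url == null || pattern == null) continue;
                Hashtable<String, Object> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, url);
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                // Escape the user name so it cannot alter the DN structure.
                env.put(Context.SECURITY_PRINCIPAL, pattern.replace("{0}", Rdn.escapeValue(user)));
                env.put(Context.SECURITY_CREDENTIALS, password);
                new InitialDirContext(env).close(); // throws unless the bind succeeds
                return file;
            } catch (AuthenticationException e) {
                // Credentials rejected by this server: try the next one.
            } catch (NamingException | IOException e) {
                System.err.println("Skipping " + file + ": " + e); // unreachable or misconfigured
            }
        }
        return null;
    }
}
```

The returned file name identifies which directory accepted the bind, so groups and roles can be loaded from that same server when a user name exists in more than one directory. Simple binds send the password as is, so the provider URL in each file should be an ldaps:// one.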
2 Comments
Magnolia International
Have a look at MGNLLDAP-9@jira, MGNLLDAP-18@jira and MGNLLDAP-20@jira. I would recommend that if we do any work in the areas mentioned above, we also do it "the Magnolia way". There is no reason why all of this could not be configured in the repository like everything else in Magnolia. (either at module-level or at UserManager-level)
Magnolia International
If we're moving towards using UserManagers, it makes no sense to keep those property files. Configure several UMs, and configure the ldap properties there.