[Glass] LDAP-Support ...
Dale Henrichs
dale.henrichs at gemtalksystems.com
Tue Jan 21 10:26:00 PST 2014
Bruno,
I meant to send this earlier, but we have made changes to the LDAP
handling in 3.2 to accommodate (we think) your use case.
Please take a look at this comment from
System class>>validatePasswordUsingLdapServers:baseDn:filterDn:userId:password:bindDn:bindPassword:
and let us know if this looks like it would work for you:
"Use the LDAP server URI(s) specified in aUriArray to validate the password pw
is valid for aUserId.

aUriArray must be an array of strings containing LDAP URI addresses
(for example: 'ldaps://foo.bar.com') or nil. nil indicates the LDAP
directories in the .ldaprc file should be used.

In order to validate the password, the complete distinguished name (DN) for
userId must be determined. The DN can either be constructed from the baseDn
pattern (explicit mode) or the DN may be resolved by searching the LDAP
directory (search mode). In explicit mode, baseDn must be a string that
contains the string wildcard sequence '%s'. GemStone will substitute '%s'
with userId before doing the password validation. aFilterDn must be nil in
explicit mode.

In search mode, baseDn is the search pattern used to resolve the DN and must
NOT contain the string wildcard sequence '%s'. In search mode, aFilterDn must
be a string that contains the string wildcard sequence '%s'. See the examples
below.

aUserId must be a string which represents the userId to be validated.

pw must be a string which is the password for userId.

bindDn and bindPw must both be either strings or nils. If both are strings,
they are used as credentials to bind to the LDAP server to perform the search
in search mode. If bindDn and bindPw are both nil, the search is attempted
using an anonymous bind. Not all LDAP servers are configured to support
anonymous binds. bindDn and bindPw are not used in explicit mode and should
be set to nil.

Returns true if pw is the correct password for userId. Otherwise returns
false if the password is incorrect or an error occurred while communicating
with the LDAP directory.

Setting the variable GS_DEBUG_LDAP in the gem's environment will cause LDAP
debugging information to be printed to stdout.

Example 1: Explicit mode
  System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
    baseDn: 'uid=%s,ou=Users,dc=mycompany,dc=com' filterDn: nil
    userId: 'MyUserId' password: 'swordfish' bindDn: nil bindPassword: nil

Example 2: Search mode with anonymous bind
  System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
    baseDn: 'ou=Users,dc=mycompany,dc=com' filterDn: '(uid=%s)'
    userId: 'MyUserId' password: 'swordfish' bindDn: nil bindPassword: nil

Example 3: Search mode with authenticated bind
  System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
    baseDn: 'ou=Users,dc=mycompany,dc=com' filterDn: '(uid=%s)'
    userId: 'MyUserId' password: 'swordfish' bindDn: 'LdapBindUser'
    bindPassword: 'LdapBindPassword'
"
Thanks,
Dale
On Tue, Jan 21, 2014 at 10:06 AM, BrunoBB <smalltalk at adinet.com.uy> wrote:
> Hi,
>
> Take a look at:
> http://forum.world.st/LDAP-question-td4712607.html
>
> and:
> http://forum.world.st/LDAP-question-again-td4723545.html
>
> and finally:
> http://forum.world.st/System-performOnServer-LDAP-MySQL-td4723981.html
>
> Hope this helps.
>
> Regards,
> Bruno
>
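
The mode rules from the method comment above, combined with escaping of userId before it replaces '%s', as an added Python example (not GemStone code and not part of the original message). The function names are hypothetical, the comment does not say whether GemStone escapes userId itself, and rejecting bind credentials in explicit mode is stricter than the comment's "should".

```python
# Added example: models the documented argument rules; not GemStone code.
# All function names here are hypothetical.
FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

def escape_filter_value(value):
    """RFC 4515: neutralise filter metacharacters in an assertion value."""
    return ''.join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """RFC 4514: escape a value so it stays inside a single RDN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in '\\",+;<>=' or (ch == '#' and i == 0) or (ch == ' ' and i in (0, last)):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)

def build_lookup(base_dn, filter_dn, user_id, bind_dn=None, bind_pw=None):
    """Return ('explicit', dn) or ('search', base, filter) per the comment's rules."""
    if (bind_dn is None) != (bind_pw is None):
        raise ValueError('bindDn and bindPw must both be strings or both be nil')
    if filter_dn is None:
        # Explicit mode: the DN is built directly from the baseDn pattern.
        if '%s' not in base_dn:
            raise ValueError("explicit mode: baseDn must contain '%s'")
        if bind_dn is not None:
            # Assumption: treat the documented "should be nil" as a hard error.
            raise ValueError('explicit mode: bindDn and bindPw are not used')
        return ('explicit', base_dn.replace('%s', escape_dn_value(user_id)))
    # Search mode: baseDn is the search base, filterDn carries the wildcard.
    if '%s' in base_dn:
        raise ValueError("search mode: baseDn must NOT contain '%s'")
    if '%s' not in filter_dn:
        raise ValueError("search mode: filterDn must contain '%s'")
    return ('search', base_dn, filter_dn.replace('%s', escape_filter_value(user_id)))

if __name__ == '__main__':
    # Constructed inputs: the values from Examples 1 and 2, then a userId
    # containing filter metacharacters to show it stays a literal value.
    print(build_lookup('uid=%s,ou=Users,dc=mycompany,dc=com', None, 'MyUserId'))
    print(build_lookup('ou=Users,dc=mycompany,dc=com', '(uid=%s)', 'MyUserId'))
    print(build_lookup('ou=Users,dc=mycompany,dc=com', '(uid=%s)', 'a*(b)'))
```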