  LDAP Authorization Provider
Added by David Czarnecki, last edited by David Czarnecki on Jan 23, 2006

Availability

The LDAP authorization provider is available in the blojsom add-on bundle. This is a separate download from the blojsom.war file.

Description

This implementation authenticates a user against an LDAP server. This class/implementation requires LDAP protocol version 3.

Installation and Setup

After downloading the blojsom add-on bundle, copy the blojsom-addon-core-{version}.jar and netscape-ldapjdk-4.17.jar files into your /WEB-INF/lib directory.

Add the following servlet initialization parameters in your /WEB-INF/web.xml file under each servlet.

<init-param>
    <param-name>blog-ldap-authorization-server</param-name>
    <param-value>Name of your LDAP server</param-value>
</init-param>

<init-param>
    <param-name>blog-ldap-authorization-dn</param-name>
    <param-value></param-value>
</init-param>

<!-- Following parameter is optional as the default is 389 -->
<init-param>
    <param-name>blog-ldap-authorization-port</param-name>
    <param-value>389</param-value>
</init-param>

The following table describes other optional initialization parameters that can be used for this authorization provider.

| Initialization parameter | Description | Default | blojsom version |
| --- | --- | --- | --- |
| blog-ldap-authorization-uid | Controls the UID attribute name when doing a username lookup. | uid | blojsom 2.26 |
| blog-ldap-authorization-bindinguser | Username to use when binding to LDAP to do a username lookup. | | blojsom 2.26 |
| blog-ldap-authorization-bindingpassword | Password to use when binding to LDAP to do a username lookup. | | blojsom 2.26 |

Change the authorization provider in your /WEB-INF/blojsom.properties file to use the LDAP provider.

blojsom-authorization-provider=org.blojsom.authorization.LDAPAuthorizationProvider

Usage

A user's blojsom user name must be the same as their LDAP user name (uid). There are two ways to configure which users are accepted.

The first is where only the blog owner can edit the blog. To use this technique, delete the authorization.properties file from the user's blog directory. The lack of this file tells the authorization logic to use the blog owner as the UID for LDAP authentication.

The second way allows multiple users to edit a blog. It uses the user names in the authorization.properties file (passwords and other data in the file are ignored). The user name in each incoming authorization request is checked against the authorization.properties file, where a listed name indicates a user who is allowed to edit this blog. If the name is in the list, it is used as the LDAP UID.
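The two modes described above can be sketched as follows. This is an added example, not blojsom's own code: the class and method names are hypothetical, the sample file content is constructed, and it assumes the username lookup uses a standard LDAP search filter on the configured UID attribute, which is why the value is escaped per RFC 4515 before it is placed in the filter.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Optional;
import java.util.Properties;

public class LdapUidResolver {
    // users == null models a blog directory with no authorization.properties file.
    static Optional<String> resolveUid(String username, String blogOwner, Properties users) {
        if (username == null || username.isEmpty()) return Optional.empty();
        if (users == null) {
            // Owner-only mode. Assumption: the submitted name must equal the owner's.
            return username.equals(blogOwner) ? Optional.of(blogOwner) : Optional.empty();
        }
        // Multi-user mode: only the keys (user names) count; values are ignored.
        return users.containsKey(username) ? Optional.of(username) : Optional.empty();
    }

    // Escape the characters RFC 4515 reserves inside a filter assertion value.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // uidAttribute is the value of blog-ldap-authorization-uid (default "uid").
    static String lookupFilter(String uidAttribute, String uid) {
        return "(" + uidAttribute + "=" + escapeFilterValue(uid) + ")";
    }

    public static void main(String[] args) throws IOException {
        Properties users = new Properties(); // constructed sample file content
        users.load(new StringReader("alice=ignored\nj(smith)=ignored\n"));
        String[] attempts = {"alice", "j(smith)", "mallory", "*"};
        for (String name : attempts) {
            String multi = resolveUid(name, "alice", users).map(u -> lookupFilter("uid", u)).orElse("rejected");
            String owner = resolveUid(name, "alice", null).map(u -> lookupFilter("uid", u)).orElse("rejected");
            System.out.println(name + " -> multi-user: " + multi + ", owner-only: " + owner);
        }
    }
}
```

Names that are not listed never reach the LDAP lookup, and a listed name containing filter metacharacters is sent as a literal value rather than as filter syntax.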
