  LDAP Authorization Provider
Added by David Czarnecki, last edited by David Czarnecki on Jul 11, 2007

Availability

The LDAP authorization provider is available in the blojsom add-on bundle. This is a separate download from the blojsom.war file.

Description

The LDAP authorization provider is an additional authorization provider for blojsom and uses information from an LDAP directory to authorize users accessing a blog. It is an extension of the database authorization provider and uses the database to check permissions for users. This class/implementation requires LDAP protocol version 3.

Installation and Configuration

After downloading the blojsom add-on bundle, copy the blojsom-addon-core-{version}.jar and netscape-ldapjdk-4.17.jar files into your /WEB-INF/lib directory.

In /WEB-INF/classes/blojsom.xml, configure the authorizationProvider bean for the installation as follows.

<!-- Authorization provider -->
<bean id="authorizationProvider" class="org.blojsom.authorization.ldap.LDAPAuthorizationProvider"
      init-method="init">
    <property name="servletConfig">
        <ref bean="servletConfigFactoryBean"/>
    </property>
    <property name="sessionFactory">
        <ref bean="hibernateSessionFactory"/>
    </property>
</bean>

The bean id of authorizationProvider must not be changed.

Add the following servlet initialization parameters in your /WEB-INF/web.xml file under each servlet.

<init-param>
    <param-name>blog-ldap-authorization-server</param-name>
    <param-value>Name of your LDAP server</param-value>
</init-param>

<init-param>
    <param-name>blog-ldap-authorization-dn</param-name>
    <param-value></param-value>
</init-param>

<!-- Following parameter is optional as the default is 389 -->
<init-param>
    <param-name>blog-ldap-authorization-port</param-name>
    <param-value>389</param-value>
</init-param>

Configuration Properties

The following table describes all the initialization parameters that can be used for this authorization provider.

Initialization parameter                 Description                                                     Default Value
blog-ldap-authorization-server           Name of your LDAP server.
blog-ldap-authorization-dn               LDAP distinguished name.
blog-ldap-authorization-port             LDAP port.                                                      389
blog-ldap-authorization-uid              Controls the UID attribute name when doing a username lookup.   uid
blog-ldap-authorization-bindinguser      Username to use when binding to LDAP to do a username lookup.
blog-ldap-authorization-bindingpassword  Password to use when binding to LDAP to do a username lookup.
blog-ldap-authorization-use-ssl          If SSL is to be used to connect to LDAP.
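
A configuration check for the parameters above, as an added example that is not part of the blojsom documentation or code base: it reads a web.xml, verifies that every servlet carries the LDAP parameters, and flags a binding password configured without SSL. The servlet names and sample values, the treatment of server and dn as required, and "true" as the enabling value for blog-ldap-authorization-use-ssl are assumptions.

```python
import xml.etree.ElementTree as ET

PREFIX = "blog-ldap-authorization-"
REQUIRED = ("server", "dn")  # assumption: not marked optional in the page's snippet

# Constructed sample (hypothetical servlet names and values), not a real deployment.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
 <servlet><servlet-name>servlet-a</servlet-name>
  <init-param><param-name>blog-ldap-authorization-server</param-name>
   <param-value>ldap.example.org</param-value></init-param>
  <init-param><param-name>blog-ldap-authorization-dn</param-name>
   <param-value>ou=people,dc=example,dc=org</param-value></init-param>
  <init-param><param-name>blog-ldap-authorization-bindingpassword</param-name>
   <param-value>constructed-secret</param-value></init-param>
 </servlet>
 <servlet><servlet-name>servlet-b</servlet-name></servlet>
</web-app>"""

def local(tag):
    """Drop an XML namespace so web.xml files with or without xmlns both parse."""
    return tag.rsplit("}", 1)[-1]

def servlet_params(web_xml):
    """Yield (servlet-name, {param-name: param-value}) for every <servlet>."""
    for servlet in (e for e in ET.fromstring(web_xml).iter() if local(e.tag) == "servlet"):
        name, params = "", {}
        for child in servlet:
            if local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif local(child.tag) == "init-param":
                kv = {local(c.tag): (c.text or "").strip() for c in child}
                params[kv.get("param-name", "")] = kv.get("param-value", "")
        yield name, params

def audit(web_xml):
    """Return (servlet, finding) pairs for the LDAP provider parameters."""
    findings = []
    for name, params in servlet_params(web_xml):
        ldap = {k[len(PREFIX):]: v for k, v in params.items() if k.startswith(PREFIX)}
        findings += [(name, PREFIX + key + " missing or empty") for key in REQUIRED if not ldap.get(key)]
        # Assumption: "true" is the enabling value; the page does not list accepted values.
        ssl_on = ldap.get("use-ssl", "").lower() == "true"
        if ldap.get("bindingpassword") and not ssl_on:
            findings.append((name, "binding password set but use-ssl not enabled"))
        if ssl_on and ldap.get("port", "389") == "389":
            findings.append((name, "use-ssl enabled on port 389; LDAPS conventionally uses 636"))
    return findings

if __name__ == "__main__": print(*audit(SAMPLE_WEB_XML), sep="\n")
```
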

Usage

The blojsom user name must be the same as the user's LDAP user name (uid).
