If you are doing Web Programming in Java I recommend Spring Security. I am providing an example of such integration.
1. Download and install apacheds(v 1.5.7) and ApacheDirectoryStudio(v 1.5.3).
2. The DS Server should start automatically. Telnet to localhost port 10389 (default apacheds port) to test it is running. To start the server in case it is not running:
OSX$ sudo launchctl load /Library/LaunchDaemons/org.apache.directory.server.plist
OSX$ sudo launchctl start org.apache.directory.server
LINUX$ sudo /etc/init.d/apacheds-1.5.7-default start
3. To stop the server:
OSX$ sudo launchctl stop org.apache.directory.server
OSX$ sudo launchctl unload /Library/LaunchDaemons/org.apache.directory.server.plist
LINUX$ sudo /etc/init.d/apacheds-1.5.7-default stop
4. Download the ldif sample file from http://directory.apache.org/apacheds/1.5/15-about-the-sample-configurations-and-sample-directory-data.data/apache_ds_tutorial.ldif
5. Open ApacheDirectoryStudio and select File|New|LDAP Browser|LDAP Connection. Name it "localhost", hostname=localhost, port=10389, use No Encryption. Hit “Check Network Parameter” and be sure the connection to the server is successful. Use bind user=”uid=admin,ou=system” and bind password=”secret” (the defaults). Hit “Check Authentication” and be sure it is successful.
6. Stop the server and add to server.xml a new partition:
OSX$ sudo vi /usr/local/apacheds-1.5.7/instances/default/conf/server.xml
LINUX$ sudo vi /var/lib/apacheds-1.5.7/default/conf/server.xml
...
<jdbmPartition id="sevenSeas" suffix="o=sevenSeas" />
</partitions>
...
7. You might have to close the localhost connection and open it again from ApacheDirectoryStudio.
8. Assign a root entry to the partition. Right click on the DIT in the left panel and select “New Entry|Next|Select domain|RDN: o=sevenSeas”. For the dc property pick “o=sevenSeas”.
9. Right click on the “o=sevenSeas” entry and import the file apache_ds_tutorial.ldif.
10. Now you have “ou=groups” and “ou=people” below “o=sevenSeas”.
11. Create a new user: Right click “ou=people”|Add a New Entry from scratch|select “objectclass: inetOrgPerson”|Next|add RDN: cn=admin. You will need to provide the “sn” attribute (surname) as it is specified to be mandatory. Set it to “admin” for example. In addition set “userPassword” and “mail”.
12. Create a new group: Right click “ou=groups”|Add a New Entry from scratch|select “objectclass: groupOfUniqueNames”|Next|add RDN: cn=admin. At least one member must be placed inside the group; use “cn=admin,ou=people,o=sevenSeas”.
13. Create a second user called “test” and make it a member of a new group called “user”.
14. Test your application. Below is a snippet of the Spring Security XML configuration:
<beans:bean id="customUserDetailsService" class="com.nestorurquiza.security.DummyForTokenBasedRememberMeServicesUserDetailsService">
</beans:bean>
<beans:bean id="customUserDetailsContextMapper" class="com.nestorurquiza.security.LdapUserDetailsContextMapper">
</beans:bean>
<ldap-server url="ldap://localhost:10389" manager-dn="uid=admin,ou=system" manager-password="secret" root="o=sevenSeas" />
<authentication-manager>
    <ldap-authentication-provider user-search-filter="mail={0}"
        user-search-base="ou=people,o=sevenSeas"
        user-context-mapper-ref="customUserDetailsContextMapper"
        group-search-base="ou=groups,o=sevenSeas" />
</authentication-manager>
15. Of course you will want to create your own “ou=groups” and “ou=people”. You can do that from Active Directory as I already posted, or you can create the ldif file yourself (remember it is just plain text!). Alternatively you can add groups and users manually through the GUI. Creating an ldif file is the easiest way:
dn: ou=people,o=MyCompany
objectclass: organizationalUnit
objectclass: top
description: User entries
ou: people

dn: ou=groups,o=MyCompany
objectclass: organizationalUnit
objectclass: top
description: User Group Entries
ou: groups

dn: CN=Nestor Urquiza,ou=people,o=MyCompany
sn: Urquiza
givenName: Nestor
mail: nurquiza@mycompany.com
uid: nurquiza
userPassword:
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top

dn: CN=Tom Cat,ou=people,o=MyCompany
sn: Cat
givenName: Tom
mail: tcat@mycompany.com
uid: tcat
userPassword:
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top

dn: cn=admin,ou=groups,o=MyCompany
description: Super User
objectclass: groupOfUniqueNames
objectclass: top
cn: admin
uniquemember: cn=Nestor Urquiza,ou=people,o=MyCompany

dn: cn=user,ou=groups,o=MyCompany
description: Regular User
objectclass: groupOfUniqueNames
objectclass: top
cn: user
uniquemember: cn=Nestor Urquiza,ou=people,o=MyCompany
uniquemember: cn=Tom Cat,ou=people,o=MyCompany
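As an added example (not code from the post), here is a small Python check to run over an ldif like the one above before importing it. It flags users without a mail value (the mail={0} search filter from step 14 can never find them), users whose userPassword is empty (as in the elided values above), and uniquemember DNs that resolve to no entry, comparing DNs case-insensitively because the file mixes CN= and cn=. The parser is a minimal one written for this example (blank-line separated entries, no base64 values or line folding) and the sample ldif is constructed.

```python
# Added example, not the post's code. Constructed sample modelled on the post's LDIF
# (names and addresses made up); the checks mirror what the step 14 config needs.
SAMPLE_LDIF = """\
dn: CN=Nestor Urquiza,ou=people,o=MyCompany
mail: nurquiza@mycompany.com
userPassword:
objectclass: inetOrgPerson

dn: cn=Tom Cat,ou=people,o=MyCompany
userPassword: {SSHA}constructed-hash-value
objectclass: inetOrgPerson

dn: cn=user,ou=groups,o=MyCompany
objectclass: groupOfUniqueNames
uniquemember: cn=Nestor Urquiza,ou=people,o=MyCompany
uniquemember: cn=Bob Cat,ou=people,o=MyCompany
"""

def parse_ldif(text):
    # Minimal parser (no base64 or line folding): [(dn, {attr: [values]})], attrs lowercased.
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def norm_dn(dn):
    return ",".join(p.strip() for p in dn.lower().split(","))  # attribute types are case-insensitive

def check_ldif(text):
    # Returns the problems that would make a login fail with the step 14 configuration.
    entries = parse_ldif(text)
    known = {norm_dn(dn) for dn, _ in entries}
    problems = []
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "inetorgperson" in classes:
            if not attrs.get("mail"):
                problems.append(f"{dn}: no mail, so the mail={{0}} search cannot match")
            if not any(attrs.get("userpassword", [])):
                problems.append(f"{dn}: empty userPassword, bind will always fail")
        if "groupofuniquenames" in classes:
            for member in attrs.get("uniquemember", []):
                if norm_dn(member) not in known:
                    problems.append(f"{dn}: uniquemember {member} does not exist")
    return problems
```

Run `check_ldif(open("users.ldif").read())` against your own file; an empty list means the three checks passed.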
16. Secure ApacheDS. Besides using SSL, do not forget to disable anonymous access:
<defaultDirectoryService ... allowAnonymousAccess="false" ...>