Difference between revisions of "Knowledge:Ldap examples"
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | === | + | === Vocabulary === |
− | + | '''dn''' is '''Distinguised Name''' | |
− | Then <beans:constructor-arg value="'''ou=roles'''"/> really points to <beans:constructor-arg value="'''ou=roles,dc=macroct,dc=com'''"/> | + | === case openldap === |
+ | Take a look at: '''ldap://192.168.0.13:389/dc=macroct,dc=com''' which filter all ldap connection to this node. Then : | ||
+ | * <beans:constructor-arg value="'''ou=roles'''"/> really points to <beans:constructor-arg value="'''ou=roles,dc=macroct,dc=com'''"/> | ||
+ | * <beans:constructor-arg index="0" value="'''ou=organization'''" /> to <beans:constructor-arg index="0" value="'''ou=organization,dc=macroct,dc=com'''" /> | ||
+ | |||
+ | User dn are like '''cn=Manager,dc=macroct,dc=com''' | ||
Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="'''memberUid={1}'''"/> | Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="'''memberUid={1}'''"/> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
The configuration | The configuration | ||
Line 51: | Line 51: | ||
<beans:property name="searchSubtree" value="true" /> | <beans:property name="searchSubtree" value="true" /> | ||
</beans:bean> | </beans:bean> | ||
+ | </source> | ||
+ | |||
+ | === 389 Server ldap ( Fedora Directory Server ) === | ||
+ | Take a look at ldap://192.168.17.40:389/'''dc=mnemo,dc=net''' indicates the default node, then: | ||
+ | * <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO'''"/> really points to <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net'''"/> | ||
+ | |||
+ | User dn are like uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net | ||
+ | |||
+ | Group '''cn=ROL_USER,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net''' has a property called '''uniqueMember''' with some user dn, like '''uniqueMember=uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net | ||
+ | ''' | ||
+ | |||
+ | Finally take in consideration the value 0 <beans:property name="groupSearchFilter" value="'''uniqueMember={0}'''"/> | ||
+ | |||
+ | <source lang="xml"> | ||
+ | <security:authentication-manager alias="authenticationManager"> | ||
+ | <security:authentication-provider ref="ldapAuthProvider" /> | ||
+ | </security:authentication-manager> | ||
+ | |||
+ | <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> | ||
+ | <beans:constructor-arg value="ldap://192.168.17.40:389/dc=mnemo,dc=net"/> | ||
+ | <beans:property name="userDn" value="uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/> | ||
+ | <beans:property name="password" value="123abc..."/> | ||
+ | </beans:bean> | ||
+ | |||
+ | <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> | ||
+ | <beans:constructor-arg> | ||
+ | <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> | ||
+ | <beans:constructor-arg ref="contextSource"/> | ||
+ | <beans:property name="userSearch" ref="userSearch"/> | ||
+ | </beans:bean> | ||
+ | </beans:constructor-arg> | ||
+ | <beans:constructor-arg> | ||
+ | <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> | ||
+ | <beans:constructor-arg ref="contextSource"/> | ||
+ | <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/> | ||
+ | <beans:property name="groupSearchFilter" value="uniqueMember={0}"/> | ||
+ | <beans:property name="groupRoleAttribute" value="cn"/> | ||
+ | <beans:property name="searchSubtree" value="true" /> | ||
+ | <beans:property name="convertToUpperCase" value="false" /> | ||
+ | <beans:property name="rolePrefix" value="" /> | ||
+ | </beans:bean> | ||
+ | </beans:constructor-arg> | ||
+ | </beans:bean> | ||
+ | |||
+ | <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> | ||
+ | <beans:constructor-arg index="0" value="" /> | ||
+ | <beans:constructor-arg index="1" value="uid={0}" /> | ||
+ | <beans:constructor-arg index="2" ref="contextSource" /> | ||
+ | <beans:property name="searchSubtree" value="true" /> | ||
+ | </beans:bean> | ||
+ | </source> | ||
+ | |||
+ | === Ejemplo completo con openLdap === | ||
+ | <source lang="xml"> | ||
+ | <?xml version="1.0" encoding="UTF-8"?> | ||
+ | <beans:beans xmlns:beans="http://www.springframework.org/schema/beans" | ||
+ | xmlns:security="http://www.springframework.org/schema/security" | ||
+ | xmlns:task="http://www.springframework.org/schema/task" | ||
+ | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
+ | xsi:schemaLocation="http://www.springframework.org/schema/beans | ||
+ | http://www.springframework.org/schema/beans/spring-beans-3.1.xsd | ||
+ | http://www.springframework.org/schema/security | ||
+ | http://www.springframework.org/schema/security/spring-security-3.1.xsd | ||
+ | http://www.springframework.org/schema/task | ||
+ | http://www.springframework.org/schema/task/spring-task-3.1.xsd"> | ||
+ | |||
+ | <security:authentication-manager alias="authenticationManager"> | ||
+ | <security:authentication-provider ref="ldapAuthProvider" /> | ||
+ | </security:authentication-manager> | ||
+ | |||
+ | <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> | ||
+ | <beans:constructor-arg value="ldap://192.168.0.13:389/dc=some,dc=com"/> | ||
+ | <beans:property name="userDn" value="cn=Manager,dc=some,dc=com"/> | ||
+ | <beans:property name="password" value="******"/> | ||
+ | </beans:bean> | ||
+ | |||
+ | <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> | ||
+ | <beans:constructor-arg> | ||
+ | <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> | ||
+ | <beans:constructor-arg ref="contextSource"/> | ||
+ | <beans:property name="userSearch" ref="userSearch"></beans:property> | ||
+ | </beans:bean> | ||
+ | </beans:constructor-arg> | ||
+ | <beans:constructor-arg> | ||
+ | <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> | ||
+ | <beans:constructor-arg ref="contextSource"/> | ||
+ | <beans:constructor-arg value="ou=roles"/> | ||
+ | <beans:property name="groupSearchFilter" value="memberUid={1}"/> | ||
+ | <beans:property name="groupRoleAttribute" value="cn"/> | ||
+ | <beans:property name="searchSubtree" value="true" /> | ||
+ | <beans:property name="convertToUpperCase" value="true" /> | ||
+ | |||
+ | <beans:property name="rolePrefix" value="" /> | ||
+ | |||
+ | </beans:bean> | ||
+ | </beans:constructor-arg> | ||
+ | </beans:bean> | ||
+ | |||
+ | <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> | ||
+ | <beans:constructor-arg index="0" value="ou=organization" /> | ||
+ | <beans:constructor-arg index="1" value="uid={0}" /> | ||
+ | <beans:constructor-arg index="2" ref="contextSource" /> | ||
+ | <beans:property name="searchSubtree" value="true" /> | ||
+ | </beans:bean> | ||
+ | |||
+ | |||
+ | </beans:beans> | ||
+ | </source> | ||
+ | |||
+ | === capio active directory === | ||
+ | <source lang="xml"> | ||
+ | <!-- LDAP Complex --> | ||
+ | <security:authentication-manager alias="authenticationManager"> | ||
+ | <security:authentication-provider ref="ldapAuthProvider" /> | ||
+ | </security:authentication-manager> | ||
+ | |||
+ | <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> | ||
+ | <beans:constructor-arg value="ldap://aplicacion"/> | ||
+ | <beans:property name="userDn" value="CN=Josep Llort Tella,OU=OPENKM,OU=TERCEROS,DC=idc,DC=local"/> | ||
+ | <beans:property name="password" value="462931"/> | ||
+ | <!-- <beans:property name="pooled" value="false"/> --> | ||
+ | <beans:property name="baseEnvironmentProperties"> | ||
+ | <beans:map> | ||
+ | <beans:entry> | ||
+ | <beans:key> | ||
+ | <beans:value>java.naming.referral</beans:value> | ||
+ | </beans:key> | ||
+ | <beans:value>follow</beans:value> | ||
+ | </beans:entry> | ||
+ | <!-- | ||
+ | <beans:entry> | ||
+ | <beans:key> | ||
+ | <beans:value>pooled</beans:value> | ||
+ | </beans:key> | ||
+ | <beans:value>false</beans:value> | ||
+ | </beans:entry> | ||
+ | --> | ||
+ | </beans:map> | ||
+ | </beans:property> | ||
+ | </beans:bean> | ||
+ | |||
+ | <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> | ||
+ | <beans:constructor-arg> | ||
+ | <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> | ||
+ | <beans:constructor-arg ref="contextSource"/> | ||
+ | <beans:property name="userSearch" ref="userSearch"/> | ||
+ | </beans:bean> | ||
+ | </beans:constructor-arg> | ||
+ | <beans:constructor-arg> | ||
+ | <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> | ||
+ | <beans:constructor-arg ref="contextSource"/> | ||
+ | <beans:constructor-arg value="DC=idc,DC=local"/> | ||
+ | <beans:property name="groupSearchFilter" value="member={0}"/> | ||
+ | <beans:property name="groupRoleAttribute" value="cn"/> | ||
+ | <beans:property name="searchSubtree" value="true" /> | ||
+ | <beans:property name="convertToUpperCase" value="false" /> | ||
+ | <beans:property name="rolePrefix" value="" /> | ||
+ | <beans:property name="defaultRole" value="ROLE_USER" /> | ||
+ | </beans:bean> | ||
+ | </beans:constructor-arg> | ||
+ | </beans:bean> | ||
+ | |||
+ | <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> | ||
+ | <beans:constructor-arg index="0" value="DC=idc,DC=local" /> | ||
+ | <beans:constructor-arg index="1" value="sAMAccountName={0}" /> | ||
+ | <beans:constructor-arg index="2" ref="contextSource" /> | ||
+ | <beans:property name="searchSubtree" value="true" /> | ||
+ | </beans:bean> | ||
+ | <!-- <beans:property name="derefLinkFlag" value="true" /> --> | ||
+ | |||
</source> | </source> |
Latest revision as of 12:26, 29 October 2012
Contents
Vocabulary
dn is Distinguised Name
case openldap
Take a look at: ldap://192.168.0.13:389/dc=macroct,dc=com which filter all ldap connection to this node. Then :
- <beans:constructor-arg value="ou=roles"/> really points to <beans:constructor-arg value="ou=roles,dc=macroct,dc=com"/>
- <beans:constructor-arg index="0" value="ou=organization" /> to <beans:constructor-arg index="0" value="ou=organization,dc=macroct,dc=com" />
User dn are like cn=Manager,dc=macroct,dc=com
Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="memberUid={1}"/>
The configuration
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.0.13:389/dc=macroct,dc=com"/>
<beans:property name="userDn" value="cn=Manager,dc=macroct,dc=com"/>
<beans:property name="password" value="*****"/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"></beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=roles"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=organization" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
389 Server ldap ( Fedora Directory Server )
Take a look at ldap://192.168.17.40:389/dc=mnemo,dc=net indicates the default node, then:
- <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/> really points to <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/>
User dn are like uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net
Group cn=ROL_USER,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net has a property called uniqueMember with some user dn, like uniqueMember=uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net
Finally take in consideration the value 0 <beans:property name="groupSearchFilter" value="uniqueMember={0}"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.17.40:389/dc=mnemo,dc=net"/>
<beans:property name="userDn" value="uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/>
<beans:property name="password" value="123abc..."/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/>
<beans:property name="groupSearchFilter" value="uniqueMember={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
Ejemplo completo con openLdap
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.1.xsd">
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.0.13:389/dc=some,dc=com"/>
<beans:property name="userDn" value="cn=Manager,dc=some,dc=com"/>
<beans:property name="password" value="******"/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"></beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=roles"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=organization" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
</beans:beans>
capio active directory
<!-- LDAP Complex -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://aplicacion"/>
<beans:property name="userDn" value="CN=Josep Llort Tella,OU=OPENKM,OU=TERCEROS,DC=idc,DC=local"/>
<beans:property name="password" value="462931"/>
<!-- <beans:property name="pooled" value="false"/> -->
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry>
<beans:key>
<beans:value>java.naming.referral</beans:value>
</beans:key>
<beans:value>follow</beans:value>
</beans:entry>
<!--
<beans:entry>
<beans:key>
<beans:value>pooled</beans:value>
</beans:key>
<beans:value>false</beans:value>
</beans:entry>
-->
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="DC=idc,DC=local"/>
<beans:property name="groupSearchFilter" value="member={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
<beans:property name="defaultRole" value="ROLE_USER" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="DC=idc,DC=local" />
<beans:constructor-arg index="1" value="sAMAccountName={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
<!-- <beans:property name="derefLinkFlag" value="true" /> -->