Difference between revisions of "Ldap-example1"

From OpenKM Documentation
Jump to: navigation, search
Line 1: Line 1:
Description:
+
=== Description ===
 
* Login sets default filter base queries at '''dc=some,dc=com''' with is contatenated by default in all filter queries
 
* Login sets default filter base queries at '''dc=some,dc=com''' with is contatenated by default in all filter queries
* Roles ( groups ) filter base is '''ou=roles''' ( real distinguised name is ou=roles,dc=some,dc=com ). Any valid roles should have it as parent.
+
* Roles ( groups ) filter base is '''ou=roles''' ( real distinguised name is ou=roles,dc=some,dc=com ). Any valid roles should have it as parent. <beans:constructor-arg value="'''ou=roles'''"/> really points to <beans:constructor-arg value="'''ou=roles,dc=some,dc=com'''"/>
* Users filter base is '''ou=organization''' ( real distinguised name is ou=organization,dc=some,dc=com ) Any valid user should have it as parent.
+
* Users filter base is '''ou=organization''' ( real distinguised name is ou=organization,dc=some,dc=com ) Any valid user should have it as parent. <beans:constructor-arg index="0" value="'''ou=organization'''" /> to <beans:constructor-arg index="0" value="'''ou=organization,dc=some,dc=com'''" />
 
* User filter is uid={0}
 
* User filter is uid={0}
 +
* Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="'''memberUid={1}'''"/>
  
Valid roles:
+
Valid roles
 
* cn=ROLE_X,ou=roles,dc=some,dc=com
 
* cn=ROLE_X,ou=roles,dc=some,dc=com
 
* cn=ROLE_Y,ou=dept marketing,ou=roles,dc=some,dc=com
 
* cn=ROLE_Y,ou=dept marketing,ou=roles,dc=some,dc=com
Line 12: Line 13:
 
Invalid roles:
 
Invalid roles:
 
* cn=ROLE_INVALID,ou=dept,dc=some,dc=com ( any distinguished name not included in ou=roles,dc=some,dc=com )
 
* cn=ROLE_INVALID,ou=dept,dc=some,dc=com ( any distinguished name not included in ou=roles,dc=some,dc=com )
 
  
 
Valid users:
 
Valid users:

Revision as of 20:50, 20 January 2013

Description

  • Login sets default filter base queries at dc=some,dc=com with is contatenated by default in all filter queries
  • Roles ( groups ) filter base is ou=roles ( real distinguised name is ou=roles,dc=some,dc=com ). Any valid roles should have it as parent. <beans:constructor-arg value="ou=roles"/> really points to <beans:constructor-arg value="ou=roles,dc=some,dc=com"/>
  • Users filter base is ou=organization ( real distinguised name is ou=organization,dc=some,dc=com ) Any valid user should have it as parent. <beans:constructor-arg index="0" value="ou=organization" /> to <beans:constructor-arg index="0" value="ou=organization,dc=some,dc=com" />
  • User filter is uid={0}
  • Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="memberUid={1}"/>

Valid roles

  • cn=ROLE_X,ou=roles,dc=some,dc=com
  • cn=ROLE_Y,ou=dept marketing,ou=roles,dc=some,dc=com
  • cn=ROLE_Z,ou=dept sales,ou=roles,dc=some,dc=com

Invalid roles:

  • cn=ROLE_INVALID,ou=dept,dc=some,dc=com ( any distinguished name not included in ou=roles,dc=some,dc=com )

Valid users:

  • uid=USER_X,ou=organization,dc=some,dc=com
  • uid=USER_Y,ou=dept id,ou=organization,dc=some,dc=com
  • uid=USER_Z,ou=dept administrator,ou=organization,dc=some,dc=com

Invalis users:

  • uid=USER_INVALID,ou=house,dc=some,dc=com ( any distinguished name not included in ou=organization,dc=some,dc=com )

<source lang="xml"> <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns:beans="http://www.springframework.org/schema/beans"

            xmlns:security="http://www.springframework.org/schema/security"
            xmlns:task="http://www.springframework.org/schema/task"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.springframework.org/schema/beans
                                http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                http://www.springframework.org/schema/security
                                http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                http://www.springframework.org/schema/task
                                http://www.springframework.org/schema/task/spring-task-3.1.xsd">

 <security:authentication-manager alias="authenticationManager">
 	<security:authentication-provider ref="ldapAuthProvider" />
 </security:authentication-manager>
 
 <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
 	<beans:constructor-arg value="ldap://192.168.0.13:389/dc=some,dc=com"/>

<beans:property name="userDn" value="cn=Manager,dc=some,dc=com"/>

 	<beans:property name="password" value="******"/>
 </beans:bean>

<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <beans:constructor-arg> <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> <beans:constructor-arg ref="contextSource"/> <beans:property name="userSearch" ref="userSearch"></beans:property> </beans:bean> </beans:constructor-arg> <beans:constructor-arg> <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> <beans:constructor-arg ref="contextSource"/> <beans:constructor-arg value="ou=roles"/> <beans:property name="groupSearchFilter" value="memberUid={1}"/> <beans:property name="groupRoleAttribute" value="cn"/>

       <beans:property name="searchSubtree" value="true" />
       <beans:property name="convertToUpperCase" value="true" />
       
       <beans:property name="rolePrefix" value="" /> 
       

</beans:bean> </beans:constructor-arg>

 </beans:bean>
 
  <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
   <beans:constructor-arg index="0" value="ou=organization" />
   <beans:constructor-arg index="1" value="uid={0}" />
   <beans:constructor-arg index="2" ref="contextSource" />
   <beans:property name="searchSubtree" value="true" />
 </beans:bean>
   

</beans:beans>