[Glass] LDAP-Support ...


[Glass] LDAP-Support ...

marten
Is there documentation available for this call (especially the first
parameter):

System>>validatePasswordUsingLdapServers: aUriArray baseDn: aBaseDn
filterDn: aFilterDn userId: aUserId password: pw


Marten
--
Marten Feldtmann
_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass

Re: [Glass] LDAP-Support ...

BrunoBB

Re: [Glass] LDAP-Support ...

Dale Henrichs-3
Bruno,

I meant to send this earlier, but we have made changes to the LDAP handling in 3.2 to accommodate (we think) your use case.


Please take a look at this comment from System class>>validatePasswordUsingLdapServers:baseDn:filterDn:userId:password:bindDn:bindPassword: and let us know if this looks like it would work for you:

"Use the LDAP server URI(s) specified in aUriArray to validate that the password pw
 is valid for aUserId.  

 aUriArray must be an array of strings containing LDAP URI addresses 
 (for example: 'ldaps://foo.bar.com') or nil.  nil indicates the LDAP 
 directories in the .ldaprc file should be used.
 
 In order to validate the password, the complete distinguished name (DN) for 
 userId must be determined.  The DN can either be constructed from the baseDn
 pattern (explicit mode) or the DN may be resolved by searching the LDAP directory
 (search mode).  In explicit mode, baseDn must be a string that contains the string
 wildcard sequence '%s'.  GemStone will substitute '%s' with userId before
 doing the password validation.  aFilterDn must be nil in explicit mode.

 In search mode, baseDn is the search pattern used to resolve the DN and must
 NOT contain the string wildcard sequence '%s'.  In search mode, aFilterDn must
 be a string that contains the string wildcard sequence '%s'.  See the examples
 below.

 aUserId must be a string which represents the userId to be validated.
 pw must be a string which is the password for userId.

 bindDn and bindPw must both be either strings or nils.  If both are strings, 
 they are used as credentials to bind to the LDAP server to perform the search in
 search mode.  If bindDn and bindPw are both nil, the search is attempted using an
 anonymous bind.  Not all LDAP servers are configured to support anonymous
 binds.  bindDn and bindPw are not used in explicit mode and should be set to nil.

 Returns true if pw is the correct password for userId. Otherwise returns
 false if the password is incorrect or an error occurred while communicating
 with the LDAP directory.  

 Setting the variable GS_DEBUG_LDAP in the gem's environment will cause LDAP debugging
 information to be printed to stdout.

 Example 1: Explicit mode

 System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
        baseDn: 'uid=%s,ou=Users,dc=mycompany,dc=com' filterDn: nil
        userId: 'MyUserId' password: 'swordfish' bindDn: nil bindPassword: nil


 Example 2: Search mode with anonymous bind

 System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
        baseDn: 'ou=Users,dc=mycompany,dc=com' filterDn: '(uid=%s)'
        userId: 'MyUserId' password: 'swordfish' bindDn: nil bindPassword: nil


 Example 3: Search mode with authenticated bind

 System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
        baseDn: 'ou=Users,dc=mycompany,dc=com' filterDn: '(uid=%s)'
        userId: 'MyUserId' password: 'swordfish' bindDn: 'LdapBindUser'
        bindPassword: 'LdapBindPassword'
"

Thanks,

Dale


On Tue, Jan 21, 2014 at 10:06 AM, BrunoBB <[hidden email]> wrote:
Hi,

Take a look at:
http://forum.world.st/LDAP-question-td4712607.html

and:
http://forum.world.st/LDAP-question-again-td4723545.html

and finally:
http://forum.world.st/System-performOnServer-LDAP-MySQL-td4723981.html

Hope this helps.

Regards,
Bruno





--
View this message in context: http://forum.world.st/Glass-LDAP-Support-tp4738263p4738284.html
Sent from the GLASS mailing list archive at Nabble.com.

Re: [Glass] LDAP-Support ...

BrunoBB
Hi Dale,

This is excellent!
(I was using System performOnServer:)

It would be cool to have a way to execute a general query to LDAP and get aString as result.
Sometimes the role is also stored in the LDAP server (not at application level), so you need a way to get the roles of the user (but this is not my case!!!).

With this, validation is enough.

Regards,
Bruno