Is there documentation available for this call (especially the first
parameter):

    System>>validatePasswordUsingLdapServers: aUriArray baseDn: aBaseDn filterDn: aFilterDn userId: aUserId password: pw

Marten

--
Marten Feldtmann
_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass

Hi,

Take a look at:
http://forum.world.st/LDAP-question-td4712607.html
and:
http://forum.world.st/LDAP-question-again-td4723545.html
and finally:
http://forum.world.st/System-performOnServer-LDAP-MySQL-td4723981.html

Hope this helps.

Regards,
Bruno

Bruno,

I meant to send this earlier, but we have made changes to the LDAP handling in 3.2 to accommodate (we think) your use case.

Please take a look at this comment from System class >>validatePasswordUsingLdapServers:baseDn:filterDn:userId:password:bindDn:Password: and let us know if this looks like it would work for you:

"Use the LDAP server URI(s) specified in aUriArray to validate the password pw is valid for aUserId.

aUriArray must be an array of strings containing LDAP URI addresses (for example: 'ldaps://foo.bar.com') or nil. nil indicates the LDAP directories in the .ldaprc file should be used.

In order to validate the password, the complete distinguished name (DN) for userId must be determined. The DN can either be constructed from the baseDn pattern (explicit mode) or the DN may be resolved by searching the LDAP directory (search mode).

In explicit mode, baseDn must be a string that contains the string wildcard sequence '%s'. GemStone will substitute '%s' with userId before doing the password validation. aFilterDn must be nil in explicit mode.

In search mode, baseDn is the search pattern used to resolve the DN and must NOT contain the string wildcard sequence '%s'. In search mode, aFilterDn must be a string that contains the string wildcard sequence '%s'. See the examples below.

aUserId must be a string which represents the userId to be validated.

pw must be a string which is the password for userId.

bindDn and bindPw must both be either strings or nils. If both are strings, they are used as credentials to bind to the LDAP server to perform the search in search mode. If bindDn and bindPw are both nil, the search is attempted using an anonymous bind. Not all LDAP servers are configured to support anonymous binds. bindDn and bindPw are not used in explicit mode and should be set to nil.

Returns true if pw is the correct password for userId. Otherwise returns false if the password is incorrect or an error occurred while communicating with the LDAP directory.

Setting the variable GS_DEBUG_LDAP in the gem's environment will cause LDAP debugging information to be printed to stdout.

Example 1: Explicit mode

    System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
        baseDn: 'uid=%s,ou=Users,dc=mycompany,dc=com'
        filterDn: nil
        userId: 'MyUserId'
        password: 'swordfish'
        bindDn: nil
        bindPassword: nil

Example 2: Search mode with anonymous bind

    System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
        baseDn: 'ou=Users,dc=mycompany,dc=com'
        filterDn: '(uid=%s)'
        userId: 'MyUserId'
        password: 'swordfish'
        bindDn: nil
        bindPassword: nil

Example 3: Search mode with authenticated bind

    System validatePasswordUsingLdapServers: (Array with: 'ldaps://myldap.mydomain.com')
        baseDn: 'ou=Users,dc=mycompany,dc=com'
        filterDn: '(uid=%s)'
        userId: 'MyUserId'
        password: 'swordfish'
        bindDn: 'LdapBindUser'
        bindPassword: 'LdapBindPassword'
"

Thanks,
Dale

On Tue, Jan 21, 2014 at 10:06 AM, BrunoBB <[hidden email]> wrote:
Hi,

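The argument rules in the method comment above, restated as a caller-side pre-check (an added example, not code from GemStone or from this thread). The function name, the modelling of nil as Python's None, and the assumption that userId is substituted for '%s' without escaping are not from the thread.

```python
# Added example: caller-side pre-checks, not GemStone code.
DN_SPECIALS = set(',+"\\<>;=#\x00')   # special in DN strings (RFC 4514)
FILTER_SPECIALS = set('*()\\\x00')    # special in search filters (RFC 4515)
WILDCARD = "%s"


def check_ldap_args(base_dn, filter_dn, user_id, password,
                    bind_dn=None, bind_pw=None):
    """Return 'explicit' or 'search' if the arguments follow the rules in
    the method comment; raise ValueError otherwise."""
    if not isinstance(base_dn, str):
        raise ValueError("baseDn must be a string")
    if (bind_dn is None) != (bind_pw is None):
        raise ValueError("bindDn and bindPw must both be strings or both nil")

    if filter_dn is None:
        mode = "explicit"
        if WILDCARD not in base_dn:
            raise ValueError("explicit mode: baseDn must contain '%s'")
        if bind_dn is not None:
            raise ValueError("explicit mode: bindDn/bindPw should be nil")
        forbidden = DN_SPECIALS
    else:
        mode = "search"
        if WILDCARD in base_dn:
            raise ValueError("search mode: baseDn must NOT contain '%s'")
        if WILDCARD not in filter_dn:
            raise ValueError("search mode: filterDn must contain '%s'")
        forbidden = FILTER_SPECIALS

    # Assumption: userId is substituted as-is, so metacharacters are refused
    # rather than escaped (escaping here could double-escape).
    if not user_id or user_id != user_id.strip() or forbidden & set(user_id):
        raise ValueError("userId is empty or contains LDAP metacharacters")
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513, section 5.1.2) and some servers report it as success.
    if not password:
        raise ValueError("empty password refused")
    return mode
```
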
Hi Dale,

This is excellent! (I was using System performOnServer:)

It would be cool to have a way to execute a general query to LDAP and get aString as result. Sometimes the role is also stored in the LDAP server (not at application level), so you need a way to get the roles of the user (but this is not my case!!!). With this validation it is enough.

Regards,
Bruno