8 Replies Latest reply on Mar 8, 2013 6:38 AM by shawkins

Establishing an LDAP connection with non-hard coded credentials

johnbay Nov 16, 2012 3:34 PM

With what I'm currently working on, we have an ldap translator we have written, and we use the default ldap connector. As a part of this connector, you can hard code a user name and password for establishing the ldap context in the related translator's resource adapter xml. Is there an easy way to be able to generate/insert a password(or in my case, a passticket) dynamically with java instead of this hard coded method? Can it be done without modifying or creating a whole new connector? Could I create an LdapLoginModule (https://community.jboss.org/wiki/LdapLoginModule) and then point to that as the security for the ldap translator in its resource adapter xml?

Any help or direction is greatly appreciated.

Thanks!

1. Re: Establishing an LDAP connection with non-hard coded credentials

rareddy Nov 16, 2012 6:28 PM (in response to johnbay)

John,

I do not think we have any solutions currently that are out of the box for the LDAP authentication pass through. Generally for the data sources and connection factories you can follow the procedure here to define a separate security domain as defined here https://docs.jboss.org/author/display/TEIID/Security+at+Data+Source+level. For this you would need to extend the LDAP connector provided in the Teiid and extend the functionality.

Also, I logged https://issues.jboss.org/browse/TEIID-2312

You should also be able to set payload https://docs.jboss.org/author/display/TEIID/SET+Statement, which is available through command context in translator, so that it can pass in the credentials. I believe you can also set this payload as driver connection properties, but I could not find any document for that.

Hope this helps

Ramesh..
Actions
2. Re: Establishing an LDAP connection with non-hard coded credentials

johnbay Nov 19, 2012 10:57 AM (in response to rareddy)

To make sure I understand: Currently the only sure way to pass in authentication information to the teiid LDAP connector at start up time is statically through its resource adapter properties? Otherwise the LDAP connector needs to be extended and added to?
Actions
3. Re: Establishing an LDAP connection with non-hard coded credentials

rareddy Nov 19, 2012 11:30 AM (in response to johnbay)

Yes. It would be impossible to guess what the custom payload *is*, how it needs to be used to provide implementation out of the box, apart from supporting security-domain with ClientIdenityLoginModule (which I logged JIRA).

Ramesh..
Actions
4. Re: Establishing an LDAP connection with non-hard coded credentials

johnbay Nov 19, 2012 11:33 AM (in response to rareddy)

Got it, thanks!
Actions
5. Re: Establishing an LDAP connection with non-hard coded credentials

yapnel Mar 7, 2013 3:51 PM (in response to rareddy)

Hi Ramesh,

I tried this SET PAYLOAD user_id yapne; command in squirrel and it doesn't work. Is this only for java? Or have i done something wrong.

Please advise.

thanks.

Nelson
Actions
6. Re: Establishing an LDAP connection with non-hard coded credentials

shawkins Mar 7, 2013 6:17 PM (in response to yapnel)

Nelson,

The payload approach that Ramesh is mentioning has no built-in hook at the resource adapter level to utilize the payload. As for the statement not working, what version of Teiid are you on?

See also https://issues.jboss.org/browse/TEIID-2312 for using a security domain to pass username/password that is set on the Subject.

Steve
Actions
7. Re: Establishing an LDAP connection with non-hard coded credentials

yapnel Mar 8, 2013 2:43 AM (in response to shawkins)

Steve

EDS 5.3.1. I am not using it for LDAP purposes. We are intending for 3rd party tools to have a mechanism of passing user id to teiid engine.

Thanks

Nelson
Actions
8. Re: Establishing an LDAP connection with non-hard coded credentials

shawkins Mar 8, 2013 6:38 AM (in response to yapnel)

https://issues.jboss.org/browse/TEIID-2006 is available in 5.3.1, you should open a support case describing what is not working.

Steve
Actions

Go to original post