1 Reply Latest reply on Nov 8, 2005 10:34 AM by jimbrady

    New LdapExtLoginModule added

    Scott Stark Master

      A more flexible ldap login module has been added for 4.0.3 that has support for navigating hiearchical roles. See the following wiki page for details and examples:


      If you want to try it out ahead of a 4.0.3 release, see the following jira issue which includes the LdapExtLoginModule.java source:


        • 1. Re: New LdapExtLoginModule added
          jimbrady Newbie

          I have copied and used this code and had a small problem with it. If you don't specify the roleCtxDn and roleFilter parameters it throws an error. As I have a seperate database table for roles and only wanted to use LDAP for Authentication this was a problem for me. I just skipped the role checking when the parameters where null but you could make it an explicit option.

          // Query for roles matching the role filter
          if ((rolesCtxDN != null) && (roleFilter != null)) {

          SearchControls constraints = new SearchControls();
          constraints.setReturningAttributes(new String[0]);
          rolesSearch(ctx, constraints, username, userDN, recursion, 0);

          Also all the options are added to the sign-on environment even when they are not used which seems a bit dangerous to me. (It works with or without them!)

          private InitialLdapContext constructInitialLdapContext(String dn,
          Object credential) throws NamingException {
          Properties env = new Properties();

          Iterator iter = options.entrySet().iterator();
          while (iter.hasNext()) {
          Entry entry = (Entry) iter.next();
          env.put(entry.getKey(), entry.getValue());