Worklight LDAP authentication using ApacheDS 2.0


Problem description

I am trying to authenticate users configured in ApacheDS with password and calling from Worklight client.

I am not able to pass the username from the Worklight client. I tried the username placeholder which I have used in my client, but it's not working. Then I tried hardcoding the uid created in the ApacheDS LDAP server, and it's working. Can anyone help me out in passing the username given in the client to the LDAP server?

My authconfig file :

    <className>com.worklight.core.auth.ext.LdapLoginModule</className>
    <parameter name="ldapProviderUrl" value="ldap://localhost:10389"/>
    <parameter name="ldapTimeoutMs" value="2000"/>
    <parameter name="ldapSecurityAuthentication" value="simple"/>
    <parameter name="validationType" value="exists"/>
    <parameter name="ldapSecurityPrincipalPattern" value="uid=Raj,ou=users,ou=system"/>
    <parameter name="ldapSearchFilterPattern" value="(&amp;(uid={usernameInput})(objectclass=inetOrgPerson))"/>

Is there any syntax I need to take care with <parameter name="ldapSecurityPrincipalPattern" "

Recommended answer

You are using the exists validationType, which means authorization will pass if an LDAP connection is successful. The username used to access the ldap server is the ldapSecurityPrincipalPattern parameter after {username} is substituted with the username provided by the authenticator. The password used to connect is the password provided by the authenticator.

For example, I provide 'Mike' as a username, and 'pass123' as my password. The authenticator will send these credentials to the LdapLoginModule. If my ldapSecurityPrincipalPattern is: uid={username},ou=users,ou=system, a connection to the ldap server as uid=Mike,ou=users,ou=system will be attempted with the password 'pass123'. If the login is successful, then the authorization is successful.

If you want to also query the ldap server to validate the user as well, you would use the searchPattern validationType. The username can be substituted into the ldapSearchFilterPattern like above. If set to this validationType, authorization will only be successful if the user/pass combo can be used to connect to the LDAP server AND the query returns at least one result.

More details can be found here: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m6/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdevref%2Fr_ldap_login_module.html
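
An added example, not part of the original question or answer and not Worklight code: a small Python lint that applies the answer's rule to the question's parameter values, then models the {username} substitution with RFC 4514 (DN) and RFC 4515 (filter) escaping. The page does not say whether LdapLoginModule escapes input itself; the escaping step and the names `lint`, `render`, `QUESTION` and `FIXED` are assumptions of this example.

```python
import re

PLACEHOLDER = "{username}"  # the only placeholder the answer names

def escape_dn_value(value):
    """Escape user input for one DN attribute value (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;=])', r"\\\1", value).replace("\x00", "\\00")
    if value[:1] in (" ", "#"):            # leading space or '#'
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:  # trailing space
        out = out[:-1] + "\\ "
    return out

def escape_filter_value(value):
    """Escape user input for a search-filter assertion value (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def render(pattern, username, escape):
    """Model of the substitution described in the answer (assumed, not IBM's code)."""
    return pattern.replace(PLACEHOLDER, escape(username))

def lint(params):
    """Return findings for a dict of LdapLoginModule parameter values."""
    findings = []
    principal = params.get("ldapSecurityPrincipalPattern", "")
    flt = params.get("ldapSearchFilterPattern", "")
    if PLACEHOLDER not in principal:
        findings.append("principal pattern has no {username}: "
                        "every login binds as the same DN")
    other = sorted(set(re.findall(r"\{[^{}]*\}", principal + flt)) - {PLACEHOLDER})
    if other:
        findings.append("placeholder not named in the answer: " + ", ".join(other))
    return findings

# Constructed from the question's values (XML entity &amp; decoded to &).
QUESTION = {
    "validationType": "exists",
    "ldapSecurityPrincipalPattern": "uid=Raj,ou=users,ou=system",
    "ldapSearchFilterPattern": "(&(uid={usernameInput})(objectclass=inetOrgPerson))",
}
# The same parameters with the placeholder and validationType the answer describes.
FIXED = {
    "validationType": "searchPattern",
    "ldapSecurityPrincipalPattern": "uid={username},ou=users,ou=system",
    "ldapSearchFilterPattern": "(&(uid={username})(objectclass=inetOrgPerson))",
}

if __name__ == "__main__":
    print(lint(QUESTION), lint(FIXED), sep="\n")
    print(render(FIXED["ldapSecurityPrincipalPattern"], "Mike", escape_dn_value))
```

The first finding is why hardcoding uid=Raj appeared to work: the bind DN no longer depends on the username typed in the client.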
