Anonymous bind required for roles
Kia ora
I am using openldap to store user information for logging into a web app with acegisecurity providing authentication. I'm trying to secure my openldap repository and discovered that in order to determine the user's roles, I need to allow anonymous "read" access to the roles ou. I really only want to allow anonymous "auth" access to the user's userPassword attribute which is required to allow the user to login. Is this a known issue with the ldap support in acegisec or am I just doing it wrong?
Thanks for any assistance.
Could you post some code? I can't quite follow your question.
You should post any questions related to Acegi or Spring Security in their forum.
Yep, I've already tried that forum and received no response and thought I would try a little cross pollination. At this stage I guess I'm just stuck with allowing more anonymous access than I really want.
FWIW, the problem was that I hadn't provided credentials for an acegisecurity identity in my applicationContext.xml, so it was trying to use anonymous access to search for user roles.
Code:
<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="ldap://localhost:389/dc=base,dc=co,dc=nz"/>
    <!-- Bind authentication doesn't require managerDn, but it is used for looking up roles without requiring anonymous access. -->
    <property name="managerDn"><value>cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz</value></property>
    <property name="managerPassword"><value>**************</value></property>
</bean>
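A matching server-side OpenLDAP ACL, added here as an illustration and not part of the original thread or the Acegi project: it lets anonymous clients use userPassword only for binding (auth), lets the acegisecurity manager account read the roles subtree, and denies anonymous reads of roles. The database DN olcDatabase={1}mdb and the subtree ou=roles,dc=base,dc=co,dc=nz are assumptions; the manager DN and base DN are the ones given in the post.

```ldif
# cn=config style ACL for the scenario in the thread (constructed example).
# Assumed database DN: olcDatabase={1}mdb,cn=config
# Assumed roles subtree: ou=roles,dc=base,dc=co,dc=nz
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Rule 0: userPassword may be used for a simple bind by anyone (auth),
# changed by the entry's owner, and is otherwise invisible.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Rule 1: only the Acegi manager identity may read the roles subtree,
# so the web app's role search works without anonymous read access.
olcAccess: {1}to dn.subtree="ou=roles,dc=base,dc=co,dc=nz"
  by dn.exact="cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz" read
  by * none
# Rule 2: everything else is readable only by the authenticated user
# for their own entry (bind authentication re-reads it after the bind).
olcAccess: {2}to *
  by self read
  by * none
```

Apply it on the server with ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif, then verify with an anonymous ldapsearch -x -b ou=roles,dc=base,dc=co,dc=nz that no role entries come back, while the same search bound as the manager DN (-D cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz -W) lists them. Two caveats: replace: olcAccess overwrites the database's whole ACL list, so merge any rules already present, and if the application locates users with a search (userSearch) rather than a DN pattern, the manager identity also needs read access to the people subtree.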