3

I am trying to authenticate users configured in ApacheDS with a password, calling from a Worklight client.

I am not able to pass the username from the Worklight client. I tried the username placeholder which I have used in my client, but it's not working. Then I tried hardcoding the uid created in the ApacheDS LDAP server and it's working. Can anyone help me out with passing the username given in the client to the LDAP server?

My authconfig file :

    <className>com.worklight.core.auth.ext.LdapLoginModule</className>
    <parameter name="ldapProviderUrl" value="ldap://localhost:10389"/>
    <parameter name="ldapTimeoutMs" value="2000"/>
    <parameter name="ldapSecurityAuthentication" value="simple"/>
    <parameter name="validationType" value="exists"/>
    <!-- hardcoded uid: this binds successfully but ignores the username sent by the client -->
    <parameter name="ldapSecurityPrincipalPattern" value="uid=Raj,ou=users,ou=system"/>
    <parameter name="ldapSearchFilterPattern" value="(&amp;(uid={usernameInput})(objectclass=inetOrgPerson))"/>

Is there any syntax I need to take care of with `<parameter name="ldapSecurityPrincipalPattern" ...>`?

Idan Adar

1 Answer

4

You are using the exists validationType, which means authorization will pass if an LDAP connection is successful. The username used to access the LDAP server is the ldapSecurityPrincipalPattern parameter after {username} is substituted with the username provided by the authenticator. The password used to connect is the password provided by the authenticator.

For example, I provide 'Mike' as a username and 'pass123' as my password. The authenticator will send these credentials to the LdapLoginModule. If my ldapSecurityPrincipalPattern is uid={username},ou=users,ou=system, a connection to the LDAP server as uid=Mike,ou=users,ou=system will be attempted with the password 'pass123'. If the login is successful, then the authorization is successful.

If you also want to query the LDAP server to validate the user, you would use the searchPattern validationType. The username can be substituted into the ldapSearchFilterPattern like above. If set to this validationType, authorization will only be successful if the user/pass combo can be used to connect to the LDAP server AND the query returns at least one result.

More details can be found here: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m6/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdevref%2Fr_ldap_login_module.html

Mike
  • Mike, I have tried changing the file, adding exists in the validation type, but I am getting an error: FWLSE0138W: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Attempt to lookup non-existant entry: uid={usernameInputField},ou=users,ou=system] Here usernameInputField is my placeholder. – Rajkiran Singh Chouhan May 02 '14 at 11:39
  • Instead of {usernameInputField}, use {username}. The {username} key is automatically replaced by the Worklight server with the user's name entered at the authenticator level. – Mike May 05 '14 at 02:35
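The substitution and the two validation types described in the answer, as an added simulation that is not Worklight's own code: an in-memory directory stands in for ApacheDS, `authenticate` mirrors what the answer says the module does, and the wrong placeholder from the comments is reproduced (the literal `{usernameInputField}` ends up in the bind DN). The RFC 4515 escaping of the username before it enters the search filter is the check a safe implementation needs; whether the real module performs it is not stated on this page.

```python
import re

# Constructed stand-in for the ApacheDS server on the page (not a real directory).
DIRECTORY = {
    "uid=Raj,ou=users,ou=system": {"password": "pass123", "objectclass": "inetOrgPerson"},
    "uid=Mike,ou=users,ou=system": {"password": "s3cret", "objectclass": "inetOrgPerson"},
}

def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot change the filter's structure
    (assumed here; the page does not say whether Worklight escapes)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def substitute(pattern, username):
    """Only the {username} key is replaced, exactly as the answer states."""
    return pattern.replace("{username}", username)

def bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password

def search(filter_str):
    """Tiny evaluator for the page's (&(uid=X)(objectclass=Y)) filter shape."""
    m = re.fullmatch(r"\(&\(uid=([^)]*)\)\(objectclass=([^)]*)\)\)", filter_str)
    if not m:
        return []
    uid, oc = m.groups()
    return [dn for dn, e in DIRECTORY.items()
            if dn.startswith("uid=%s," % uid) and e["objectclass"] == oc]

def authenticate(username, password, principal_pattern, validation_type,
                 search_filter_pattern=None):
    """Returns (authorized, reason) following the answer's description."""
    bind_dn = substitute(principal_pattern, username)
    if not bind(bind_dn, password):
        return False, "bind failed for %s" % bind_dn
    if validation_type == "exists":
        return True, "bind ok as %s" % bind_dn
    if validation_type == "searchPattern":
        flt = substitute(search_filter_pattern, escape_filter_value(username))
        hits = search(flt)
        return len(hits) > 0, "%d result(s) for %s" % (len(hits), flt)
    raise ValueError("unknown validationType: %s" % validation_type)

if __name__ == "__main__":
    # The asker's mistake: a placeholder the server never substitutes.
    print(authenticate("Mike", "s3cret", "uid={usernameInputField},ou=users,ou=system", "exists"))
    print(authenticate("Mike", "s3cret", "uid={username},ou=users,ou=system", "exists"))
```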