
I am trying to configure eXist to use LDAP to authenticate users, and I have checked out the documentation at eXist LDAP Security. It turns out the default configuration only supports three settings: security.ldap.connection.url (the connection URL of the LDAP server), security.ldap.dn.user (the user list DN), and security.ldap.dn.group (the group list DN).

It doesn't work in my case because the LDAP server does not allow anonymous queries, which means I have to provide a user name/password in order to establish the connection.

Any suggestion on how I could achieve this other than enabling anonymous queries on the LDAP server?

Thanks, Thomas

Joe Wicentowski
Thomas

1 Answer


It seems like you can implement your own context factory and feed it to eXist with the security.ldap.contextFactory parameter.

The context factory is the java class used to initialize a connection to the directory. You can implement a context factory that initializes the connection with the ad-hoc credentials.

The idea is to implement a class like this:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.spi.InitialContextFactory;

public class MyCustomContextFactory implements InitialContextFactory {

  @Override
  public Context getInitialContext(Hashtable<?, ?> environment) throws NamingException {

    // Work on a copy so the environment handed in by eXist is not modified in place
    Hashtable<Object, Object> env = new Hashtable<Object, Object>(environment);

    // Fetch the application DN and password somehow (config file...).
    // Here they are read from JVM system properties; the property names are placeholders.
    String applicationDN = System.getProperty("ldap.bind.dn");
    String password = System.getProperty("ldap.bind.password");

    // Authenticate the directory connection with the application's own credentials
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, applicationDN);
    env.put(Context.SECURITY_CREDENTIALS, password);

    return new InitialDirContext(env);

  }
}

You generate a jar file, add it in the classpath of your server, and specify the configuration parameter:

security.ldap.contextFactory = your.java.package.name.MyCustomContextFactory
sk_
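As an added example that is not part of the answer above, nor eXist's or its LDAP realm's own code, the factory below is a fuller version of the same idea with the failure modes a deployment should handle: the service-account credentials are read from a properties file outside the web application (the path comes from a system property named `exist.ldap.credentials`, an assumed name, not an eXist setting), a missing DN or empty password is rejected instead of silently turning into an anonymous or unauthenticated bind, and a simple bind is only attempted over `ldaps://` or to the local host, because a simple bind sends the password in the clear on an unencrypted connection. It assumes that the URL from `security.ldap.connection.url` reaches the factory in the environment under `Context.PROVIDER_URL`, which is what `InitialDirContext` needs to connect.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.ConfigurationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.spi.InitialContextFactory;

/**
 * JNDI context factory that binds to the directory with a service account whose
 * credentials live in a properties file outside the deployed application.
 * Expected keys in that file (assumed names): bind.dn and bind.password.
 */
public class ServiceBindContextFactory implements InitialContextFactory {

  /** System property holding the path of the credentials file (assumed name). */
  static final String CREDENTIALS_PROPERTY = "exist.ldap.credentials";

  @Override
  public Context getInitialContext(Hashtable<?, ?> environment) throws NamingException {
    // Copy so the caller's environment is left untouched
    Hashtable<Object, Object> env = new Hashtable<Object, Object>(environment);

    Properties creds = loadCredentials(System.getProperty(CREDENTIALS_PROPERTY));
    String bindDn = required(creds, "bind.dn");
    String bindPassword = required(creds, "bind.password");

    // Assumption: eXist passes security.ldap.connection.url as PROVIDER_URL
    requireTlsOrLoopback((String) env.get(Context.PROVIDER_URL));

    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, bindDn);
    env.put(Context.SECURITY_CREDENTIALS, bindPassword);
    return new InitialDirContext(env);
  }

  /** Reads the credentials file; a missing or unreadable file is a configuration error. */
  static Properties loadCredentials(String path) throws NamingException {
    if (path == null || path.isEmpty()) {
      throw new ConfigurationException("system property " + CREDENTIALS_PROPERTY + " is not set");
    }
    Properties props = new Properties();
    InputStream in = null;
    try {
      in = new FileInputStream(path);
      props.load(in);
    } catch (IOException e) {
      ConfigurationException ce = new ConfigurationException("cannot read credentials file " + path);
      ce.setRootCause(e);
      throw ce;
    } finally {
      if (in != null) {
        try { in.close(); } catch (IOException ignored) { }
      }
    }
    return props;
  }

  /**
   * A DN with an empty password is an "unauthenticated" simple bind, which some
   * directories accept as anonymous; refuse it so the realm never degrades to that.
   */
  static String required(Properties props, String key) throws NamingException {
    String value = props.getProperty(key);
    if (value == null || value.trim().isEmpty()) {
      throw new ConfigurationException("credentials file is missing a value for " + key);
    }
    return value;
  }

  /** Simple bind is cleartext; only allow it over TLS or to the local machine. */
  static void requireTlsOrLoopback(String url) throws NamingException {
    if (url == null) {
      throw new ConfigurationException("environment has no " + Context.PROVIDER_URL);
    }
    String lower = url.toLowerCase();
    if (lower.startsWith("ldaps://")
        || lower.startsWith("ldap://localhost")
        || lower.startsWith("ldap://127.0.0.1")) {
      return;
    }
    throw new ConfigurationException("refusing simple bind over unencrypted LDAP URL " + url);
  }
}
```

Package the class into a jar on the server's classpath and point security.ldap.contextFactory at it, as in the answer; start the JVM with -Dexist.ldap.credentials=/path/to/ldap.properties and keep that file readable only by the account the server runs as, since it holds the service-account password.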