ldap

how to expire a password with ADAM

We are using ADAM to simulate an AD server in our development environment. We need to expire passwords for a couple of our users to test several key code paths. We have been doing this by setting the password expiry window low (1 day) and then waiting that interval until the password expires. However, this is slow and once we change...

Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'

Following the spring-security documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html I am trying to set up ldap authentication (very simple - just need to know if a user is authenticated or not, no authorities mapping needed) and have put this in my applicationContext-security.xml file <beans:b...

Spring security ldap authenticate first

I have set up an ldap authentication using the following configuration. I just need the user to authenticate to the LDAP data store, then have their session get an authentication token. From reading the docs, this is what I am thinking is supposed to happen: Authenticate as the manager, find the user's full dn based on search criteria ...

Spring Security 3.0 and Active Directory LDAP: DOMAIN\user login

I would like to have users authenticate against an ActiveDirectory LDAP server using the DOMAIN\user.name syntax. I think that should be possible with SpringSec 3.0 since the docs mention an alternative syntax which I guess refers to the DOM\user syntax instead of a bind DN, but the docs don't elaborate further. Is there some way to con...

How do I get multiple operating units access using ldap?

I'm having a problem getting users who are within our domain and in the appropriate active directory group(s) to have access to the repositories. I am not very experienced with any of the security, nor using Subversion actively as a developer. This is a critical issue to be resolved as our developers are more and more part of vi...

Oracle & Active Directory : A love/hate relationship

Hi SO'ers, I'm currently trying to access Active Directory via the dbms_ldap API in PL/SQL (Oracle). The trouble is that I'm not able to connect with my own username and password or anonymously. However, in C# I can connect anonymously with this code : DirectoryEntry ldap = new DirectoryEntry("LDAP://Hostname"); DirectorySearcher sear...

Active Directory: User UPN or DN for NTLM name, using pure LDAP?

I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement). I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory. The meth...

Spring security custom principal bean

I have a web application that is set up to use the default ldap server/authentication manager/authentication provider/user service. I have another DAO that already does the majority of the work that those do (besides authenticating a user) using Spring-LDAP. My problem is that I want the principal to be of my own custom bean class. Wh...

PartialResultException when authenticating over LDAP with Acegi and Grails

I'm trying to set up our new Grails application to authenticate via LDAP. From the logs we can see that Acegi is binding to the LDAP store, then is able to find the user given the correct credentials, and finally begins searching for roles. The authentication fails due to a PartialResultException. I'm aware that the default LDAP provide...

SSO possible with LDAP-backed web applications?

I have a client who wants their WordPress and Google Apps user accounts accessible using SSO, i.e. if they log in on one app domain google.client.com they will be logged into wordpress.client.com too without extra steps. The same LDAP directory will be used to do backend authentication for both systems. Is it possible to set up SSO for ...

Auto-creating User details with Grails and LDAP

I'm using the Acegi Security plugin for Grails, and authentication via LDAP. The application logs show that on login, we can authenticate the user and get their roles via LDAP, but the login fails because the User Details cannot be found in the application's database. Is there a way to auto create and save a basic User Details domain o...

Open Source Alternative to ASP.NET membership

I'm currently supporting a Python web app with increasingly complicated user/role/permission management requirements. Currently, we are rolling our own user, groups, permissions, etc. code and supporting database. I'd like to find something like ASP.NET membership that can help manage user authentication and authorization, rather than ...

adldap class, need to search for user in two groups

http://adldap.sourceforge.net/wiki/doku.php?id=api_user_functions#user_ingroup_username_group_recursive_null I am using the adLDAP class above to authenticate users against our ldap server. I was wondering how I could check multiple groups to see if the user belongs to either, if they belong to either. I don't know if user_ingroup($...

Java Netscape LDAP Remove One Attribute

Hi, I have an LDAP schema containing users. I need to remove one attribute named "notify", which has values: phone number or mail, or remove the attribute from the user. I found the method LDAPConnection myCon = new LDAPConnection("localhost",389); myCon.delete("uid=test1, ou=People, o=domain.com, o=isp"); but this removes the whole user and I need to remove onl...

Optimize existing code and need to list alphabetically.

I need help optimizing the code to run faster, unless it is optimized the best. I also want to alphabetize the list and I am unsure how to do that. It should be alphabetized by $userinfo[0]["sn"][0] I am using the adLDAP class: http://adldap.sourceforge.net/ <?php require_once('adLDAP.php'); //header('Content-type: text/json'); $adl...

LDAP "Insufficient Access"

I am trying to create an LDAP filter string. In each LDAP entry there is an attribute called "status" that has many values, some of which are of the regex form "[ab][0-9][1-9]". For example, "a20" or "b81". All other values for the "status" attribute are just alphabetical characters. I only want to let through entries that have a "st...

How can I get the group name from an Active Directory group with .NET?

I have code which has been working against an older Active Directory server and now I have pointed it to a new Windows Server 2008 AD system. Now the group names are coming back with SIDs and not names. I do not know enough about the AD side to know if there is a way to make the new AD server work like the older AD server. My code is bas...

List the root contexts in LDAP

I would like to list or search the root context(s) in a LDAP tree. I use Apache Directory Server and Java: Hashtable<String, String> contextParams = new Hashtable<String, String>(); contextParams.put("java.naming.provider.url", "ldap://localhost:10389"); contextParams.put("java.naming.security.principal", "uid=admin,ou=syste...

Storing a digital signature for bookings on a web based system

I have a web based bookings system built for a UK higher education client to allow students to sign out equipment (laptops, cameras etc). It's been in use successfully for a couple of years. In the current workflow equipment is collected and the booking is printed, signed by the student and kept until the equipment is returned. They are...

need help passing multiple variables from foreach loop to test in switch case statement

$list_of_groups = array("FACULTY","STAFF"); foreach ($list_of_groups as $i => $group) { $user_in_group = $adldap->user_ingroup($username,$group); print "<h2>Group: ".$group." user in group? ".$user_in_group."</h2>"; // if 1, means yes } Need to print run the appropriate function based on what returns true. There are users that...