ldap-plugin/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy

import org.acegisecurity.providers.ProviderManager
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
import org.acegisecurity.ldap.DefaultInitialDirContextFactory
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
import hudson.model.Hudson

/*
    Configure LDAP as the authentication realm.

    Authentication is performed by doing LDAP bind.
    The 'instance' object refers to the instance of LDAPSecurityRealm
*/

initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL() ) {

  // if anonymous bind is not allowed --- but what is the use of anonymous bind?
  // managerDn = "..."
  // managerPassword="..."
}

bindAuthenticator(BindAuthenticator,initialDirContextFactory) {
    // this is when you the user name can be translated into DN.
//  userDnPatterns = [
//    "uid={0},ou=people"
//  ]
    // this is when we need to find it.
    userSearch = bean(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
        searchSubtree=true
    }
}
authoritiesPopulator(DefaultLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {
  // groupRoleAttribute = "ou";
}

authenticationManager(ProviderManager) {
    providers = [
        // talk to LDAP
        bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),

    // these providers apply everywhere
        bean(RememberMeAuthenticationProvider) {
            key = Hudson.getInstance().getSecretKey();
        },
        // this doesn't mean we allow anonymous access.
        // we just authenticate anonymous users as such,
        // so that later authorization can reject them if so configured
        bean(AnonymousAuthenticationProvider) {
            key = "anonymous"
        }
    ]
}
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00			`import org.acegisecurity.providers.ProviderManager`
			`import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider`
			`import org.acegisecurity.providers.ldap.LdapAuthenticationProvider`
			`import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator`
			`import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator`
			`import org.acegisecurity.ldap.DefaultInitialDirContextFactory`
implemented LDAP authentication support. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6479 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 89238bb50289e16194c6492dd6153ede4f0282e3 2008-01-05 01:17:06 +01:00			`import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch`
adding remember-me service to the mix. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6761 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 846889ad1acdc3644459c3643ce22371603dde38 2008-01-19 18:42:15 +01:00			`import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider`
bug fix git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6763 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 4da8aec86ec27fb5a705553fdcc34d227f7b2db9 2008-01-19 18:58:09 +01:00			`import hudson.model.Hudson`
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00
			`/*`
			`Configure LDAP as the authentication realm.`

			`Authentication is performed by doing LDAP bind.`
implemented LDAP authentication support. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6479 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 89238bb50289e16194c6492dd6153ede4f0282e3 2008-01-05 01:17:06 +01:00			`The 'instance' object refers to the instance of LDAPSecurityRealm`
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00			`*/`

implemented LDAP authentication support. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6479 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 89238bb50289e16194c6492dd6153ede4f0282e3 2008-01-05 01:17:06 +01:00			`initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL() ) {`
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00
			`// if anonymous bind is not allowed --- but what is the use of anonymous bind?`
			`// managerDn = "..."`
			`// managerPassword="..."`
			`}`

			`bindAuthenticator(BindAuthenticator,initialDirContextFactory) {`
implemented LDAP authentication support. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6479 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 89238bb50289e16194c6492dd6153ede4f0282e3 2008-01-05 01:17:06 +01:00			`// this is when you the user name can be translated into DN.`
			`// userDnPatterns = [`
			`// "uid={0},ou=people"`
			`// ]`
			`// this is when we need to find it.`
			`userSearch = bean(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {`
			`searchSubtree=true`
			`}`
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00			`}`
			`authoritiesPopulator(DefaultLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {`
			`// groupRoleAttribute = "ou";`
			`}`

			`authenticationManager(ProviderManager) {`
			`providers = [`
			`// talk to LDAP`
			`bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),`
adding remember-me service to the mix. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6761 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 846889ad1acdc3644459c3643ce22371603dde38 2008-01-19 18:42:15 +01:00
			`// these providers apply everywhere`
			`bean(RememberMeAuthenticationProvider) {`
bug fix git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6763 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 4da8aec86ec27fb5a705553fdcc34d227f7b2db9 2008-01-19 18:58:09 +01:00			`key = Hudson.getInstance().getSecretKey();`
adding remember-me service to the mix. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6761 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: 846889ad1acdc3644459c3643ce22371603dde38 2008-01-19 18:42:15 +01:00			`},`
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00			`// this doesn't mean we allow anonymous access.`
			`// we just authenticate anonymous users as such,`
			`// so that later authorization can reject them if so configured`
			`bean(AnonymousAuthenticationProvider) {`
			`key = "anonymous"`
			`}`
			`]`
			`}`