ldap-plugin/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy

import org.acegisecurity.providers.ProviderManager
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
import org.acegisecurity.ldap.DefaultInitialDirContextFactory

/*
    Configure LDAP as the authentication realm.

    Authentication is performed by doing LDAP bind.
*/

initialDirContextFactory(DefaultInitialDirContextFactory,it.providerUrl) {

  // if anonymous bind is not allowed --- but what is the use of anonymous bind?
  // managerDn = "..."
  // managerPassword="..."
}

bindAuthenticator(BindAuthenticator,initialDirContextFactory) {
  userDnPatterns = [
    "uid={0},ou=people"
  ]
}
authoritiesPopulator(DefaultLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {
  // groupRoleAttribute = "ou";
}

authenticationManager(ProviderManager) {
    providers = [
        // talk to LDAP
        bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),
        // this doesn't mean we allow anonymous access.
        // we just authenticate anonymous users as such,
        // so that later authorization can reject them if so configured
        bean(AnonymousAuthenticationProvider) {
            key = "anonymous"
        }
    ]
}
doing a bit more LDAP work. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19 2008-01-04 08:13:30 +01:00			`import org.acegisecurity.providers.ProviderManager`
			`import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider`
			`import org.acegisecurity.providers.ldap.LdapAuthenticationProvider`
			`import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator`
			`import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator`
			`import org.acegisecurity.ldap.DefaultInitialDirContextFactory`

			`/*`
			`Configure LDAP as the authentication realm.`

			`Authentication is performed by doing LDAP bind.`
			`*/`

			`initialDirContextFactory(DefaultInitialDirContextFactory,it.providerUrl) {`

			`// if anonymous bind is not allowed --- but what is the use of anonymous bind?`
			`// managerDn = "..."`
			`// managerPassword="..."`
			`}`

			`bindAuthenticator(BindAuthenticator,initialDirContextFactory) {`
			`userDnPatterns = [`
			`"uid={0},ou=people"`
			`]`
			`}`
			`authoritiesPopulator(DefaultLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {`
			`// groupRoleAttribute = "ou";`
			`}`

			`authenticationManager(ProviderManager) {`
			`providers = [`
			`// talk to LDAP`
			`bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),`
			`// this doesn't mean we allow anonymous access.`
			`// we just authenticate anonymous users as such,`
			`// so that later authorization can reject them if so configured`
			`bean(AnonymousAuthenticationProvider) {`
			`key = "anonymous"`
			`}`
			`]`
			`}`