nicolabs/ldap-plugin
1
0
Fork 0
mirror of https://github.com/nicolabs/ldap-plugin.git synced 2025-09-07 05:14:24 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
ldap-plugin/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
kohsuke 3459fc18c0 [FIXED HUDSON-1971] Applying patch from Justin Edelson. 
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@10468 71c3de6d-444a-0410-be80-ed276b4c234a

Originally-Committed-As: adbccfee4f7229843f8b53fd5cee40a072f271e3
2008-06-27 17:37:50 +00:00

58 lines
2 KiB
Groovy
Raw Blame History

import org.acegisecurity.providers.ProviderManager
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2
import org.acegisecurity.ldap.DefaultInitialDirContextFactory
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
import hudson.model.Hudson
import hudson.security.DeferredCreationLdapAuthoritiesPopulator
/*
Configure LDAP as the authentication realm.
Authentication is performed by doing LDAP bind.
The 'instance' object refers to the instance of LDAPSecurityRealm
*/
initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL() ) {
if(instance.managerDN!=null) {
managerDn = instance.managerDN;
managerPassword = instance.getManagerPassword();
}
}
ldapUserSearch(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
searchSubtree=true
}
bindAuthenticator(BindAuthenticator2,initialDirContextFactory) {
// this is when you the user name can be translated into DN.
// userDnPatterns = [
// "uid={0},ou=people"
// ]
// this is when we need to find it.
userSearch = ldapUserSearch;
}
authoritiesPopulator(DeferredCreationLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {
// groupRoleAttribute = "ou";
}
authenticationManager(ProviderManager) {
providers = [
// talk to LDAP
bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),
// these providers apply everywhere
bean(RememberMeAuthenticationProvider) {
key = Hudson.getInstance().getSecretKey();
},
// this doesn't mean we allow anonymous access.
// we just authenticate anonymous users as such,
// so that later authorization can reject them if so configured
bean(AnonymousAuthenticationProvider) {
key = "anonymous"
}
]
}
Reference in a new issue View git blame Copy permalink