Configuring LDAP Authentication

Using the AuthProviderLDAP class, you can configure Connect Daily to authenticate Users against a central LDAP directory service.

  1. Create a User within the calendar database that has administrator privileges. The name of the User should be the name of the User that exists within the directory.
  2. Add a line to the cdaily-3.4.2/WEB-INF/configuration.properties file that specifies the LDAP authentication provider:

    AuthenticationProvider=com.mhsoftware.cdaily.support.security.AuthProviderLDAP
  3. Active Directory Users should follow the steps in the SSL LDAP Setup on Windows section of Configuring Active Directory Authentication.
  4. UNIX Users should get the SSL certificate used by the LDAP server and put it in a local keystore file. On Linux, the steps were:

    openssl x509 -inform pem -in /usr/share/ssl/certs/slapd.pem \
    -outform der -out ~/slapd.der

    keytool -import -file ~/slapd.der -keystore \
    ~/sslkey.keystore -alias "type=r.name=sslkey"
  5. Edit the ldap.properties file located in the cdaily-3.4.2/WEB-INF directory. This file is heavily commented and should be pretty easy to follow.
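
The keystore built in step 4 can be checked before Connect Daily relies on it. The script below is an added example, not part of the Connect Daily distribution: it confirms that the server certificate is not about to expire and that the keystore alias holds exactly that certificate. It assumes `openssl` and a JDK `keytool` on the PATH; the function names, the script name and the 30-day margin are assumptions.

```shell
#!/bin/sh
# Added example (not shipped with Connect Daily): check that the LDAP server
# certificate from step 4 is not about to expire and that the keystore entry
# matches it. Function names and the 30-day margin are assumptions.

# Print the SHA-256 fingerprint of the PEM certificate on stdin
# (prints nothing if the input is not a certificate).
cert_fp() {
    openssl x509 -inform pem -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed only if certificate file $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -inform pem -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeed only if alias $3 in keystore $2 holds exactly certificate $1.
# keytool asks for the keystore password itself.
verify_import() {
    vi_want=$(cert_fp < "$1")
    [ -n "$vi_want" ] || { echo "cannot parse certificate $1" >&2; return 2; }
    vi_tmp=$(mktemp) || return 2
    # Export the stored entry as PEM so both fingerprints come from openssl.
    keytool -exportcert -rfc -keystore "$2" -alias "$3" -file "$vi_tmp" >&2
    vi_got=$(cert_fp < "$vi_tmp")
    rm -f "$vi_tmp"
    if [ "$vi_want" != "$vi_got" ]; then
        echo "MISMATCH: file=$vi_want keystore=${vi_got:-none}" >&2
        return 1
    fi
    echo "OK: $3 holds $vi_want"
}

# Usage (paths and alias as in step 4):
#   sh check-ldap-cert.sh /usr/share/ssl/certs/slapd.pem \
#       ~/sslkey.keystore 'type=r.name=sslkey'
if [ "$#" -eq 3 ]; then
    openssl x509 -inform pem -in "$1" -noout -subject -issuer -enddate || exit 2
    cert_valid_for "$1" 30 || { echo "expires within 30 days: $1" >&2; exit 1; }
    verify_import "$1" "$2" "$3"
fi
```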

You can test the operation of the LDAP provider by changing to the cdaily-3.4.2/WEB-INF directory and running the following Java command:

java -classpath classes:lib/MHS.jar:lib/ldap.jar:lib/cdaily.jar:\
<yourPathTo>/mail.jar:<yourPathTo>/activation.jar:\
<yourPathTo>/<your JDBC Drivers>.jar \
com.mhsoftware.cdaily.support.security.AuthProviderLDAP \
configuration.properties ldap.properties UserID Password

This command will attempt to connect to the directory and authenticate a User. It will then try to read the displayName and mail properties for the specified user. If successful, you should see something like:

[gsexton@reddwarf WEB-INF]$ java -classpath classes:lib/MHS.jar:lib/ldap.jar:\
lib/cdaily.jar:<yourPathTo>/mail.jar:<yourPathTo>/activation.jar:\
<yourPathTo>/<your JDBC Drivers>.jar \
com.mhsoftware.cdaily.support.security.AuthProviderLDAP \
configuration.properties ldap.properties UserID Password

authenticateUser() returned: gsexton

Additional info is:

Full Name for gsexton is [George L. Sexton]

Email Address for gsexton=[gsexton@mhsoftware.com]

If you are doing this under Windows, change each "/" to "\" and each colon path separator to a semicolon.

Once you have completed all the steps and verified that LDAP authentication is working properly, stop the Connect Daily service and restart it.

If desired, you can customize the included source file for this provider and override how it works. If you do this, you will need to change the class name and deploy the compiled file into the cdaily-3.4.2/WEB-INF/classes sub-directory. Set the AuthenticationProvider entry in the configuration.properties file to point to your new class name.

See Also

Authentication Architecture

Implementation Notes on MD5 Authenticator

Configuring Active Directory Authentication

Configuring Container Authentication

Configuring Windows Integrated Authentication

Automatically Creating Users