worklight server authentication with Ldap

ぐ巨炮叔叔 submitted on 2019-12-11 20:41:28

Question


I want to authenticate users using ApacheDS LDAP and then integrate it with my Worklight server (Liberty profile). For that I modified server.xml with the following code after the http endpoint element.

   <ldapRegistry id=”ldap” >
   realm=”LdapRegistry” 
   host=”localhost” 
  port=”10389” 
  ignoreCase=”true”
  baseDN=”dc=partition1,dc=com”
  bindDN=”uid=admin,ou=system”
  userFilter=”(&(uid=%v)(objectclass=inetOrgPerson))”
  bindPassword=”secret”
  ldapType="ApacheDS 2.0.0"
  </ldapRegistry>

In authenticationConfig.xml:

<securityTests>
    <customSecurityTest name="LDAPSecurityTest">
        <test isInternalUserID="true" realm="LDAPRealm"/>
    </customSecurityTest>

    <customSecurityTest name="LDAPSecurityTestForWLConsole">
        <test isInternalUserID="true" realm="WorklightConsole"/>
    </customSecurityTest>
</securityTests>

<realms>
    <realm loginModule="LDAPLoginModule" name="LDAPRealm">
          <className>com.worklight.UsernamePasswordJSONAuthenticator</className>
    </realm>

    <realm loginModule="StrongDummy" name="SampleAppRealm">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm>

    <realm loginModule="LDAPLoginModule" name="WorklightConsole">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        <onLoginUrl>/console</onLoginUrl>
    </realm>
</realms>

<loginModules>
    <loginModule name="LDAPLoginModule">
        <className>com.worklight.LDAPLoginModule</className>
        <parameter name="ldapHost" value="ldap://localhost:10389"/>
        <parameter name="ldapDomain" value="localhost:10389"/>
        <parameter name="searchBase" value="dc=partition1,dc=com"/>

        <!-- 
            In case credentials are successfully validated check user's memberOf property for this string.
            Can be used to check whether user belongs to specific LDAP unit or group.
            Leave value empty to skip this check.
          -->


    </loginModule>

    <loginModule name="StrongDummy">
         <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="requireLogin">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule>
</loginModules>
  </tns:loginConfiguration>

The Worklight server console stops working. I am following the LDAP login module from the IBM site and the support centre for configuring the Liberty profile. Kindly help.


Answer 1:


I noted that your LDAP conf uses two different types of quotes - ” and ". Could it be the reason? Try changing all of them to ".




Answer 2:


First point: I think that the LDAP type "ApacheDS 2.0.0" is not correct.
The supported types are:

  1. Microsoft Active Directory
  2. Custom
  3. IBM Lotus Domino
  4. Novell eDirectory
  5. IBM Tivoli Directory Server
  6. Sun Java System Directory Server
  7. Netscape Directory Server
  8. IBM SecureWay Directory Server

So surely Custom has to be used.

Second point: you have to add userIdMap="*:uid".
So try with:

 <ldapRegistry id="ldap"
  realm="LdapRegistry"
  host="localhost"
  port="10389"
  ignoreCase="true"
  baseDN="dc=partition1,dc=com"
  bindDN="uid=admin,ou=system"
  userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
  userIdMap="*:uid"
  bindPassword="secret"
  ldapType="Custom">
 </ldapRegistry>
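
A lint for the defects visible in the posted configuration (typographic quotes, the unescaped `&` in `userFilter`, an `ldapType` outside the list in answer 2), added here as an example that is not part of the original question or answers. The function name, the sample strings and the clear-text `bindPassword` check are this example's own assumptions; Liberty accepts `{xor}`/`{aes}`-encoded passwords produced by `securityUtility encode`.

```python
import re
import xml.etree.ElementTree as ET

# ldapType values listed in answer 2 on this page.
SUPPORTED_LDAP_TYPES = {
    "Microsoft Active Directory", "Custom", "IBM Lotus Domino",
    "Novell eDirectory", "IBM Tivoli Directory Server",
    "Sun Java System Directory Server", "Netscape Directory Server",
    "IBM SecureWay Directory Server",
}
CURLY_QUOTES = re.compile("[\u201c\u201d\u2018\u2019]")
# An '&' that does not begin an entity or character reference.
BARE_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9A-Fa-f]+);)")

def lint_ldap_registry(fragment):
    """Return findings for one <ldapRegistry> element given as text."""
    findings = []
    for n, line in enumerate(fragment.splitlines(), 1):
        if CURLY_QUOTES.search(line):
            findings.append(f"line {n}: typographic quote, use a straight quote")
        if BARE_AMP.search(line):
            findings.append(f"line {n}: bare '&', write &amp;")
    if findings:
        return findings  # the text must be repaired before it can be parsed
    try:
        elem = ET.fromstring(fragment)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if elem.get("ldapType") not in SUPPORTED_LDAP_TYPES:
        findings.append(f"ldapType {elem.get('ldapType')!r} is not a supported type")
    # Assumption of this example: a bindPassword without a Liberty
    # {xor}/{aes} encoding prefix is sitting in server.xml in clear text.
    pw = elem.get("bindPassword", "")
    if pw and not pw.startswith(("{xor}", "{aes}")):
        findings.append("bindPassword is stored in clear text")
    return findings

# Constructed samples modelled on the configuration in the question.
AS_POSTED = """<ldapRegistry id=”ldap”
  userFilter=”(&(uid=%v)(objectclass=inetOrgPerson))”
  bindPassword=”secret” ldapType="ApacheDS 2.0.0">
</ldapRegistry>"""
QUOTES_FIXED = """<ldapRegistry id="ldap"
  userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
  bindPassword="secret" ldapType="ApacheDS 2.0.0">
</ldapRegistry>"""

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("quotes fixed", QUOTES_FIXED)):
        print(name, lint_ldap_registry(text))
```

When the attributes are left outside the opening tag, as in `<ldapRegistry id="ldap" >`, the fragment still parses and the lint reports `ldapType None`, because the attributes have become element text.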


Source: https://stackoverflow.com/questions/16662048/worklight-server-authentication-with-ldap
