
LDAP auth provider with database user provider

Hi everyone

I'm trying to run Wildfire with a normal database user provider, but with an LDAP authentication provider.

I'm running Wildfire 2.4.2 with a MySQL database backend and have set up my conf file as follows:

When using plain LDAP or plain default, everything works. Using this hybrid also allows me to log into the admin console correctly.

The problem is that users using Pandion cannot log in with LDAP passwords, but the dummy password in the DB works. Users using Spark can only log in with LDAP passwords. What is going on?

(Does it perhaps have something to do with the fact that default has digest capability? If so, how can I turn it off in the conf file? Failing that, what are my options?)

Does the order in which you have them listed make a difference? Like if ldap was first, then defaultuser.

I figured it out.

Spark uses PLAIN authentication and Pandion uses DIGEST-MD5. Because the Default user provider normally supports retrieval of the username from the DB, Wildfire tells Pandion that DIGEST is possible, which results in the use of the password in the DB.

To fix this, I only copied the entire DefaultUserProvider class, changed the supportsPasswordRetrieval property to FALSE and threw UnsupportedOperationException for setPassword and getPassword.

Works perfectly!

(Users that are in LDAP but not in DB do not have access - yay!)

~Marius
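
The behaviour described in this thread, as an added example that is not part of the original posts and is not Wildfire code: a simplified Python model of a server that advertises DIGEST-MD5 only when it can read a stored password, with the response computed as in RFC 2831. The class and function names, the realm, nonces and sample accounts are all constructed, and the model assumes a digest-preferring client falls back to PLAIN when DIGEST-MD5 is not offered.

```python
import hashlib, hmac

REALM, URI, NONCE, CNONCE = "example.org", "xmpp/example.org", "srv-nonce", "cli-nonce"  # constructed

def digest_response(user, password, nc="00000001", qop="auth"):
    """DIGEST-MD5 response value per RFC 2831 (no authzid)."""
    md5 = lambda b: hashlib.md5(b)
    a1 = md5(f"{user}:{REALM}:{password}".encode()).digest() + f":{NONCE}:{CNONCE}".encode()
    a2 = f"AUTHENTICATE:{URI}".encode()
    kd = f"{md5(a1).hexdigest()}:{NONCE}:{nc}:{CNONCE}:{qop}:{md5(a2).hexdigest()}"
    return md5(kd.encode()).hexdigest()

class HybridServer:
    """Hypothetical model: users and stored passwords in a DB, PLAIN checked against LDAP."""
    def __init__(self, db, ldap, supports_password_retrieval):
        self.db, self.ldap = db, ldap
        self.supports_password_retrieval = supports_password_retrieval

    def mechanisms(self):
        # DIGEST-MD5 is only possible when the server can read a stored password.
        return ["DIGEST-MD5", "PLAIN"] if self.supports_password_retrieval else ["PLAIN"]

    def auth_digest(self, user, response):
        if not self.supports_password_retrieval:
            raise NotImplementedError("password retrieval disabled")
        # The server never sees the typed password; it recomputes from the DB copy.
        return user in self.db and hmac.compare_digest(
            digest_response(user, self.db[user]), response)

    def auth_plain(self, user, password):
        # Cleartext is available, so it can be checked against LDAP;
        # the user must still exist in the DB user provider.
        return (user in self.db and user in self.ldap
                and hmac.compare_digest(self.ldap[user], password))

def login(server, user, typed_password, prefers_digest):
    """Client side: a digest-preferring client uses DIGEST-MD5 whenever it is offered."""
    if prefers_digest and "DIGEST-MD5" in server.mechanisms():
        return "DIGEST-MD5", server.auth_digest(user, digest_response(user, typed_password))
    return "PLAIN", server.auth_plain(user, typed_password)

DB = {"alice": "dummy"}                           # constructed sample data
LDAP = {"alice": "ldap-secret", "bob": "bob-pw"}  # bob exists only in LDAP
```

With `supports_password_retrieval=True` the digest-preferring client is accepted only with the DB password; with `False` the server offers PLAIN alone and the LDAP password is the one that works.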