I would like to integrate ldap authentication mechanism to wildfire however with the following exception. User creation, vcard etc will be stored and managed by Wildfire. The only bit will be that when a user authenticates with Wildfire, it will first try ldap and upon failure perform normal user authentication. Hence, I can create users in Wildfire who do not belong to the ldap store and still allow them to login.
LDAP will only be used as a first layer of authentication. Hence if a user logs in, it checks to see if there is a Wildfire account, and then checks to see if there is an LDAP entry. If so, it tries to authenticate with LDAP. LDAP could fail for two reasons - the user does not exist or the password is incorrect. If it fails, the authentication is done with Wildfire and the result returned.
Any help or even an alternative approach would be greatly appreciated.
Take a look at using the HybridAuthProvider. From the documentation:
The hybrid auth provider allows up to three AuthProvider implementations to be strung together to do chained authentication checking. The algorithm is as follows:
Attempt authentication using the primary provider. If that fails:
If the secondary provider is defined, attempt authentication (otherwise return). If that fails:
If the tertiary provider is defined, attempt authentication.
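A concrete configuration for the chain the answer describes (LDAP first, Wildfire's own database second), added here as an illustration; it is not from the original post or from the Wildfire documentation. The property names follow the HybridAuthProvider javadoc; the class names under the org.jivesoftware.wildfire package and the provider.user/provider.vcard settings are assumptions to check against the javadoc of the installed release.

```properties
# Added example, not from the original post. Class names under
# org.jivesoftware.wildfire are assumptions; verify against the installed release.

# Use the hybrid provider as the server's AuthProvider.
provider.auth.className = org.jivesoftware.wildfire.auth.HybridAuthProvider

# Primary: LDAP. Also needs the usual ldap.* properties
# (ldap.host, ldap.port, ldap.baseDN, ldap.adminDN, ldap.adminPassword, ...).
hybridAuthProvider.primaryProvider.className = org.jivesoftware.wildfire.ldap.LdapAuthProvider

# Secondary: the built-in database provider. It is consulted only when the
# primary rejects the login, i.e. unknown user OR wrong LDAP password.
hybridAuthProvider.secondaryProvider.className = org.jivesoftware.wildfire.auth.DefaultAuthProvider

# Tertiary is optional and left unset here.

# Users and vCards stay in the Wildfire database, as the question requires
# (assumed property names and classes):
provider.user.className = org.jivesoftware.wildfire.user.DefaultUserProvider
provider.vcard.className = org.jivesoftware.wildfire.vcard.DefaultVCardProvider
```

Note that, per the algorithm quoted above, the fallback is taken on any failure of the primary provider, a wrong LDAP password included. A username that exists both in LDAP and in the Wildfire database can therefore log in with either password, so avoid creating local accounts for usernames that are also in LDAP, and treat the local password as a second credential for any account where both exist.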