
I am trying to authenticate users configured in ApacheDS with password and calling from Worklight client.

I am not able to pass the username from the Worklight client. I tried the username placeholder which I have used in my client, but it's not working. Then I tried hardcoding a uid created in the ApacheDS LDAP server and it's working. Can anyone help me out in passing the username given in the client to the LDAP server?

My authconfig file:

    <className>com.worklight.core.auth.ext.LdapLoginModule</className>
    <parameter name="ldapProviderUrl" value="ldap://localhost:10389"/>
    <parameter name="ldapTimeoutMs" value="2000"/>
    <parameter name="ldapSecurityAuthentication" value="simple"/>
    <parameter name="validationType" value="exists"/>
    <parameter name="ldapSecurityPrincipalPattern" value="uid=Raj,ou=users,ou=system"/>
    <parameter name="ldapSearchFilterPattern" value="(&amp;(uid={usernameInput})(objectclass=inetOrgPerson))"/>

Is there any syntax I need to take care of with `<parameter name="ldapSecurityPrincipalPattern" ...>`?

1 Answer

You are using the exists validationType, which means authorization will pass if an LDAP connection is successful. The username used to access the LDAP server is the ldapSecurityPrincipalPattern parameter after {username} is substituted with the username provided by the authenticator. The password used to connect is the password provided by the authenticator.

For example, I provide 'Mike' as a username and 'pass123' as my password. The authenticator will send these credentials to the LdapLoginModule. If my ldapSecurityPrincipalPattern is uid={username},ou=users,ou=system, a connection to the LDAP server as uid=Mike,ou=users,ou=system will be attempted with the password 'pass123'. If the login is successful, then the authorization is successful.

If you want to also query the LDAP server to validate the user as well, you would use the searchPattern validationType. The username can be substituted into the ldapSearchFilterPattern like above. If set to this validationType, authorization will only be successful if the user/pass combo can be used to connect to the LDAP server AND the query returns at least one result.

More details can be found here: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m6/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdevref%2Fr_ldap_login_module.html

  • Mike, I have tried to change the file: added exists in validationType and added `<parameter name="ldapSecurityPrincipalPattern" value="uid={usernameInputField},ou=users,ou=system"/>`, but I am getting an error: FWLSE0138W: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Attempt to lookup non-existant entry: uid={usernameInputField},ou=users,ou=system] Here usernameInputField is my placeholder.
    Commented May 2, 2014 at 11:39
  • Instead of {usernameInputField}, use {username}. The {username} key is automatically replaced by the worklight server with the user's name entered at the authenticator level.
    – Mike
    Commented May 5, 2014 at 2:35
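As an added illustration (not code from the page, from Mike's answer, or from the Worklight product), the following Python models the substitution and validation behaviour the answer describes, including the failure mode from the comment: only `{username}` is replaced, so any other token is sent to the server as a literal DN. The in-memory directory, passwords, and the DN/filter escaping helpers are my assumptions; whether the real LdapLoginModule escapes the substituted value is not stated on the page.

```python
import re

# Constructed stand-in for the ApacheDS tree: bind DN -> (password, attributes). Not a real server.
FAKE_DIRECTORY = {
    "uid=Mike,ou=users,ou=system": ("pass123", {"uid": "Mike", "objectclass": "inetOrgPerson"}),
    "uid=Raj,ou=users,ou=system": ("raj-secret", {"uid": "Raj", "objectclass": "inetOrgPerson"}),
}
PLACEHOLDER = "{username}"  # the only key the answer says the Worklight server substitutes


def escape_dn_value(value):
    """RFC 4514 escaping for user input placed in a DN (assumed hardening, not from the page)."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    return out[:-1] + "\\ " if out.endswith(" ") else out


def escape_filter_value(value):
    """RFC 4515 escaping for user input placed in a search filter (same assumption)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(c, c) for c in value)


def substitute(pattern, username, escape):
    # Only {username} is replaced. Any other brace token stays literal, which is why
    # uid={usernameInputField},ou=users,ou=system reached the server verbatim in the comment.
    return pattern.replace(PLACEHOLDER, escape(username))


def ldap_bind(dn, password):
    entry = FAKE_DIRECTORY.get(dn)
    return entry is not None and entry[0] == password


def search_count(filter_str):
    """Toy evaluator for an AND-of-equalities filter such as (&(uid=Mike)(objectclass=inetOrgPerson))."""
    pairs = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filter_str)
    return sum(all(attrs.get(a, "").lower() == v.lower() for a, v in pairs)
               for _, attrs in FAKE_DIRECTORY.values())


def validate(config, username, password):
    """Model of the two validationType behaviours the answer describes; returns (ok, detail)."""
    bind_dn = substitute(config["ldapSecurityPrincipalPattern"], username, escape_dn_value)
    if not ldap_bind(bind_dn, password):
        return False, "bind failed as " + bind_dn
    if config["validationType"] == "exists":
        return True, "bound as " + bind_dn
    flt = substitute(config["ldapSearchFilterPattern"], username, escape_filter_value)
    hits = search_count(flt)
    return hits > 0, "bound as %s; %s matched %d entries" % (bind_dn, flt, hits)
```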
