• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Accessing Open Directory Information
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Accessing Open Directory Information


  • Subject: Re: Accessing Open Directory Information
  • From: Chuck Hill <email@hidden>
  • Date: Wed, 6 Jul 2005 11:39:49 -0700


On Jul 6, 2005, at 11:31 AM, Joe Little wrote:

The EOModeler JNDI wizard does allow you to authenticate user name and
password. I've yet to get OD to do such since it wants SASL for
authenticated binds.

Do you know if it will accept TLS as well? I've used raw JNDI to do TLS encrypted binds, but failed to get SASL working with that LDAP server (the exact problem has long since fled my memory, could be it did not support it).



For non-authenticated binds, you simply leave the
username/password blank, choose SIMPLE for the bind, and use a correct
URL, like ldap://myserver.mydomain.com:389/ dc=myserver,dc=mydomain,dc=com


I believe that WO never designed a secure interface for this, as it
seems to neither support SASL authentication (which OD uses for non
secure connections) nor SSL for encypting simple binds. However, for
the question at hand, a simple bind for non auth would be fine.

IIRC, you could do this with a plugin for the JNDI adaptor, which is not to suggest that I ever got it to function. :-) I don't actually need to query against a bound, authenticated connection. I was just wondering how much effort it would be to use OpenDirectory to authenticate users rather than storing a user ID and credential in the app's database. If it supports TLS then it will be little effort.

Chuck


You'll select organ*, inetorgperson, group*, person, posix* as the
tables to get.

In this specific case, if you are simple using "groups" you may just
ideally get PosixGroup and PosixAccount as you may not care about the
other hierarchies or the person attributes beyond what you find in a
GECOS field

On 7/6/05, Chuck Hill <email@hidden> wrote:

Joe,

Do you know if you can you use an LDAP bind against OpenDirectory to
authenticate user name  / password?

Chuck


On Jul 5, 2005, at 11:46 PM, Joe Little wrote:


Open Directory, among other things, is just OpenLDAP 2.1.x. Use the
JNDIAdaptor against your LDAP server. You won't have access to
passwords and such, but if you just want groupings, you can query
which groups a user belongs, or the memberships of a specific group.
By making them EOs, you can mostly avoid all the LDAP specific
knowledge you would otherwise need.

On 7/5/05, Colin Shreffler <email@hidden> wrote:


What is the best way to access Open Directory information via Web
Objects?  Does Apple provide an Open Directory API?

Specifically I need to incorporate role-based security
(authorization) into my application.  One approach would be to add
users to groups in Open Directory and then check to see if the
user is a member of that group before granting access to certain
content.

If anyone has any information about alternative methods of
providing role-based security in Web Objects or about an API that
will allow me to see if a User in Open Directory is a member of a
particular Group, I'd be most grateful :)

Cheers!
-c




________________________________________________________________ Sent via the WebMail system at warp9software.com




_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: 40gmail.com

This email sent to email@hidden



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
40global-village.net

This email sent to email@hidden




-- Practical WebObjects - a book for intermediate WebObjects developers who want to increase their overall knowledge of WebObjects, or those who are trying to solve specific application development problems. http://www.global-village.net/products/practical_webobjects









--
Practical WebObjects - a book for intermediate WebObjects developers who want to increase their overall knowledge of WebObjects, or those who are trying to solve specific application development problems.
http://www.global-village.net/products/practical_webobjects





_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
  • Follow-Ups:
    • Re: Accessing Open Directory Information
      • From: Joe Little <email@hidden>
References: 
 >Accessing Open Directory Information (From: "Colin Shreffler" <email@hidden>)
 >Re: Accessing Open Directory Information (From: Joe Little <email@hidden>)
 >Re: Accessing Open Directory Information (From: Chuck Hill <email@hidden>)
 >Re: Accessing Open Directory Information (From: Joe Little <email@hidden>)

  • Prev by Date: Re: OT: what do you use for task/ticket management?
  • Next by Date: Re: Spring Frameworks
  • Previous by thread: Re: Accessing Open Directory Information
  • Next by thread: Re: Accessing Open Directory Information
  • Index(es):
    • Date
    • Thread