Connecting to LDAP servers with IBM MobileFirst Foundation 8.0
Ishai Borovoy July 29, 2016
MobileFirst_Foundation Authentication Adapters Security_Checks LDAP
Introduction
LDAP (Lightweight Directory Access Protocol) is an essential protocol in the enterprise world. It provides a central place to store usernames and passwords, allowing many different applications and services to connect to the LDAP server to validate users.
In my previous blog post I talked about LDAP in the context of LTPA (Lightweight Third-Party Authentication). In this blog I want to introduce a new LDAP Security Check sample which lets you connect directly to any LDAP server without the need for an LTPA token.
The sample security check acts mostly like the User Authentication sample. The difference is that the validateCredentials function checks the credentials against the configured LDAP server.
@Override
protected boolean validateCredentials(Map<String, Object> credentials) {
    ...
    // Set the found entry's name and the supplied password as the bind credentials.
    ldapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, searchResult.getName());
    ldapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
    try {
        // Reconnect with the new credentials; a rejected bind throws an exception.
        ldapContext.reconnect(null);
        userId = (String) searchResult.getAttributes().get(config.getLdapUserAttribute()).get();
        displayName = (String) searchResult.getAttributes().get(config.getLdapNameAttribute()).get();
        return true;
    } catch (Exception e) {
        errorMsg = "Wrong Credentials";
    }
    ...
    ...
    ...
}
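The excerpt above elides the user lookup and the input checks that come before the bind. As an added example (not code from the sample or from IBM), the class below shows two checks a bind-based validator needs, assuming the lookup places the username in a search filter: RFC 4515 filter escaping, and rejection of empty passwords, which LDAP treats as an unauthenticated bind (RFC 4513). The class and method names, the URL and the DNs are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

// Added example, not the sample's code; names, URL and DNs are hypothetical.
public class LdapBindChecks {
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Empty password = unauthenticated bind (RFC 4513, 5.1.2); refuse before contacting the server.
    static boolean isBindable(String userDn, String password) {
        return userDn != null && !userDn.isEmpty() && password != null && !password.isEmpty();
    }

    // Verify the password by binding as the user's DN; any NamingException is a failure.
    static boolean bindAs(String ldapUrl, String userDn, String password) {
        if (!isBindable(userDn, password)) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) {
            return false;
        }
    }
    public static void main(String[] args) {
        // Constructed inputs; the empty password is rejected without any network call.
        System.out.println("(uid=" + escapeFilterValue("j*doe(test)") + ")");
        System.out.println(bindAs("ldaps://ldap.example.com:636", "uid=jdoe,dc=example,dc=com", ""));
    }
}
```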
Running the Security Check sample
To run the sample, follow the instructions in the README.md file.
Configuration
You can configure the LDAP connectivity either by editing the properties in the adapter.xml file and then rebuilding and redeploying the .adapter file, or by editing the adapter properties directly from the MobileFirst Console.