Use bind authentication in LDAP

[lgpl/argeo-commons.git] / security / modules / org.argeo.security.dao.ldap / META-INF / spring / ldap.xml

diff --git a/security/modules/org.argeo.security.dao.ldap/META-INF/spring/ldap.xml b/security/modules/org.argeo.security.dao.ldap/META-INF/spring/ldap.xml
index 77a6ac7d5b48d9281420f38a67c5b9d8c562abd2..e990cad8b2937789e087fa032f092295314c0118 100644 (file)
--- a/security/modules/org.argeo.security.dao.ldap/META-INF/spring/ldap.xml
+++ b/security/modules/org.argeo.security.dao.ldap/META-INF/spring/ldap.xml
@@ -27,23 +27,35 @@
        <!-- AUTHENTICATION -->
        <bean id="ldapAuthenticationProvider"
                class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
-               <constructor-arg ref="passwordComparisonAuthenticator" />
+               <constructor-arg ref="ldapAuthenticator" />
                <constructor-arg ref="authoritiesPopulator" />
                <property name="userDetailsContextMapper" ref="jcrUserDetailsContextMapper" />
        </bean>
 
-       <bean id="passwordComparisonAuthenticator"
-               class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
+       <bean id="ldapAuthenticator"
+               class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                        <list>
                                <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value>
                        </list>
                </property>
-               <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}" />
-               <property name="passwordEncoder" ref="passwordEncoder" />
        </bean>
 
+       <!-- DOESN'T WORK WITH SSHA -->
+       <!-- <bean id="passwordComparisonAuthenticator" -->
+       <!-- class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator"> -->
+       <!-- <constructor-arg ref="contextSource" /> -->
+       <!-- <property name="userDnPatterns"> -->
+       <!-- <list> -->
+       <!-- <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value> -->
+       <!-- </list> -->
+       <!-- </property> -->
+       <!-- <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}" 
+               /> -->
+       <!-- <property name="passwordEncoder" ref="passwordEncoder" /> -->
+       <!-- </bean> -->
+
        <!-- USER DETAILS -->
        <bean id="securityDao" class="org.argeo.security.ldap.ArgeoSecurityDaoLdap">
                <constructor-arg ref="contextSource" />