My web application is currently configured to connect to LDAP for user validation without relying on application server settings. In other words, my application utilizes naming params to connect to LDAP, hence it is agnostic to the application server, i.e. JBoss or WebSphere.

Naming params used are as follows:

- ldapURL
- ldapPrincipal (bind user)
- ldapCredentials (bind user's password)
- ldapAuthentication
- ldapSearchBase

The requirement now is to allow an encrypted password in the ldapCredentials naming param. One way out of this situation is using a custom SecurityLoginModule to encrypt the password and supply it to the application using a naming param. My application would then decrypt it and proceed with LDAP user validation. However, this results in an additional application installation step.

So I was wondering if there is a way to use the application server security domain (or some other way) to store the user credentials in a secured fashion on the application server, so that the application would later pick them up at the time of user validation with LDAP without writing server-specific code in my application. I know that we can use a security domain to perform a data source connection without writing server-specific code. But if I do this for LDAP then I make the server talk to LDAP, which is not what I am looking for. Basically, I may still continue to use Federated users instead of LDAP.

Comment: In case you decide to store the credentials, you can use Authentication Alias in WAS – see http://stackoverflow.com/questions/4663534/how-to-access-authentication-alias-from-ejb-deployed-to-websphere-6-1/6355992#6355992 – ᄂ ᄀ Jul 12 '18 at 09:33
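For context on what the application-side validation described in the question involves, here is an added example (not the asker's code) of the search-then-bind flow using the five naming params. It assumes the params are read from JNDI env entries (for example `(String) new InitialContext().lookup("java:comp/env/ldapURL")`) and that users are identified by a `uid` attribute; the attribute name, the `simple` authentication value and the class name are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.AuthenticationException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapUserValidator {

    // Opens a directory context bound as 'dn' with 'secret' (ldapAuthentication is typically "simple").
    private static DirContext bind(String url, String authentication, String dn, String secret)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, authentication);
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, secret);
        return new InitialDirContext(env);
    }

    // Returns true only if 'username' resolves to exactly one entry under ldapSearchBase
    // and 'password' successfully binds as that entry.
    public static boolean validate(String ldapURL, String ldapPrincipal, String ldapCredentials,
                                   String ldapAuthentication, String ldapSearchBase,
                                   String username, String password) throws NamingException {
        // An empty password is an anonymous/unauthenticated bind, which many servers accept; refuse it.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Step 1: search as the bind user (ldapPrincipal/ldapCredentials) for the user's DN.
        DirContext service = bind(ldapURL, ldapAuthentication, ldapPrincipal, ldapCredentials);
        String userDn;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]);
            // {0} is substituted with RFC 4515 escaping, so user input cannot change the filter.
            NamingEnumeration<SearchResult> results =
                service.search(ldapSearchBase, "(uid={0})", new Object[] { username }, controls);
            if (!results.hasMore()) return false;
            userDn = results.next().getNameInNamespace();
            if (results.hasMore()) return false;   // ambiguous match: refuse rather than guess
        } finally {
            service.close();
        }
        // Step 2: prove the password by binding as the resolved DN.
        try {
            bind(ldapURL, ldapAuthentication, userDn, password).close();
            return true;
        } catch (AuthenticationException e) {
            return false;   // wrong password, disabled or locked account
        }
    }
}
```

Note that ldapCredentials is still needed in cleartext at bind time, which is exactly the value the question wants to keep out of a plaintext naming param.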

1 Answer

Any decent application server (including JBoss and WebSphere) has a server-provided LDAP registry, which you can configure and use without any application-specific code, and I'd strongly suggest utilizing that instead of writing your own LDAP connection code.

Regarding encryption:
