JAAS with LDAP password policy

The user has access to a restricted web application using JAAS (on Glassfish 2.1). LDAPRealm is used and authentication succeeds from LDAP. It is necessary for users to establish a password policy so that they are forced to change passwords, have passwords of a certain complexity / length, passwords and last N passwords. The LDAP server's password policy (OpenDS) supports all of this, but it is not at all obvious how to get this kind of information in the JAAS FORM that we use so that information (i.e. "Please change password") can be displayed to the user.

Do you have any idea how to implement this? Using a database is not an option, users must be in LDAP. It is not clear if LDAP password policies should be used at all or if this is all programmed into our web application. I would like to avoid this and use my own LDAP password policies.

Thanks for the answers and best wishes, Bozo

+2

2 answers


Unfortunately, what you can do with JAAS is limited to the small set of operations that any login system can support. Although LDAP supports password policy, other login systems (such as keystores) might not work, so JAAS cannot have code that requires it.

Hence, you will have to talk to the LDAP server directly using JNDI or perhaps this library from Novell.

+1
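Added example of the JNDI route described in the answer above (this is not code from the question or from either answer): a simple bind as the user with the LDAP Password Policy request control attached, plus a small BER decoder for the response control, so the web application can tell the user "Please change your password" or "Password expires in N days". The control OID is the one from draft-behera-ldap-password-policy, which OpenDS implements; the host, the DN layout and the message wording are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/** Binds as the user with the Password Policy control and decodes what the server returns. */
public final class PasswordPolicyBind {

    // OID of the Password Policy control (draft-behera-ldap-password-policy); the same OID
    // is used for the request and the response control.
    static final String PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1";

    // Values of the response's "error" ENUMERATED, in draft order (0 .. 8).
    static final String[] ERRORS = {
        "passwordExpired", "accountLocked", "changeAfterReset", "passwordModNotAllowed",
        "mustSupplyOldPassword", "insufficientPasswordQuality", "passwordTooShort",
        "passwordTooYoung", "passwordInHistory" };

    /** Password state reported by the server for the bound account. */
    public static final class PolicyState {
        public Integer secondsBeforeExpiration; // warning: timeBeforeExpiration
        public Integer graceLoginsRemaining;    // warning: graceAuthNsRemaining
        public Integer error;                   // error enum value, null if absent

        /** Text for the login form; null means there is nothing to tell the user. */
        public String userMessage() {
            if (error != null && error == 2) return "Please change your password.";  // changeAfterReset
            if (error != null) return "Login problem: " + (error < ERRORS.length ? ERRORS[error] : "error " + error);
            if (graceLoginsRemaining != null) return "Password expired; " + graceLoginsRemaining + " grace login(s) left.";
            if (secondsBeforeExpiration != null) return "Password expires in " + (secondsBeforeExpiration / 86400) + " day(s).";
            return null;
        }
    }

    /** Minimal BER cursor: enough for one SEQUENCE of tagged, non-negative INTEGERs. */
    static final class Ber {
        final byte[] buf; int pos;
        Ber(byte[] buf) { this.buf = buf; }
        int tag() { return buf[pos++] & 0xFF; }
        int length() {                                  // short and long definite forms
            int first = buf[pos++] & 0xFF;
            if (first < 0x80) return first;
            int n = first & 0x7F, len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xFF);
            return len;
        }
        int integer(int len) {                          // values here fit in an int
            int v = 0;
            for (int i = 0; i < len; i++) v = (v << 8) | (buf[pos++] & 0xFF);
            return v;
        }
    }

    /**
     * Decodes PasswordPolicyResponseValue ::= SEQUENCE {
     *   warning [0] CHOICE { timeBeforeExpiration [0] INTEGER, graceAuthNsRemaining [1] INTEGER } OPTIONAL,
     *   error   [1] ENUMERATED OPTIONAL }
     */
    static PolicyState decode(byte[] value) {
        PolicyState s = new PolicyState();
        if (value == null || value.length == 0) return s;  // control present but empty
        Ber ber = new Ber(value);
        if (ber.tag() != 0x30) throw new IllegalArgumentException("expected SEQUENCE");
        int seqLen = ber.length();
        int end = ber.pos + seqLen;
        while (ber.pos < end) {
            int tag = ber.tag(), len = ber.length();
            if (tag == 0xA0) {                              // warning [0], constructed
                int inner = ber.tag(), innerLen = ber.length();
                if (inner == 0x80) s.secondsBeforeExpiration = ber.integer(innerLen);
                else if (inner == 0x81) s.graceLoginsRemaining = ber.integer(innerLen);
                else ber.pos += innerLen;
            } else if (tag == 0x81) {                       // error [1], primitive
                s.error = ber.integer(len);
            } else {
                ber.pos += len;                             // unknown element: skip it
            }
        }
        return s;
    }

    /** Simple bind as the user; the request control asks the server for its policy verdict. */
    public static PolicyState bind(String url, String userDn, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Connection request controls are sent with the bind; this one carries no value.
        Control[] bindControls = { new BasicControl(PPOLICY_OID, Control.NONCRITICAL, null) };
        LdapContext ctx = new InitialLdapContext(env, bindControls);
        try {
            Control[] resp = ctx.getResponseControls();
            if (resp != null)
                for (Control c : resp)
                    if (PPOLICY_OID.equals(c.getID())) return decode(c.getEncodedValue());
            return new PolicyState();                       // server attached no control
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder host and DN layout, not values from the original question.
        String dn = "uid=" + args[0] + ",ou=People,dc=example,dc=com";
        try {
            String msg = bind("ldap://ldap.example.invalid:389", dn, args[1]).userMessage();
            System.out.println(msg == null ? "OK, no password policy message" : msg);
        } catch (AuthenticationException e) {
            // Expired password or wrong credentials: the bind was rejected.
            System.out.println("Login failed: " + e.getMessage());
        }
    }
}
```

Two practical points. First, when OpenDS rejects the bind outright (expired password with no grace logins, locked account), JNDI raises `AuthenticationException` before `getResponseControls()` can be called, so the detailed reason in the control is lost on that path; the cases the form can act on are the ones where the bind succeeds but the control says `changeAfterReset`, or carries an expiration or grace-login warning. Second, this bind is the piece a SAM, or a pre-check in the login form, would call before handing the user to the container's own authentication.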

Got it. You must use SAM as you cannot get a LoginException (causing login failure) to the existing auth mechanisms in Glassfish. The answer is here: How to override j_security_check in Glassfish?



0
