Hannon Hill Corporation

800.407.3540 | www.hannonhill.com | info@hannonhill.com
Makers of the Award-Winning Cascade Server content management software


Custom LDAP Binding Modules


For other types of binding, custom LDAPBind implementations can be plugged in using the same configuration in the ldap-config.xml file.

To do this, first obtain the authentication SDK (JAR file format, downloadable here). The SDK contains the interfaces and classes needed to develop the module.

Primarily, the class should implement LDAPBind. This interface defines two methods:

  • bindHarvest(...)
  • bindAuthentication(...)


The two methods serve a similar purpose but are kept separate for architectural reasons. Each method is supplied objects that specify the connection details (LDAPConfiguration and LDAPBindCredentials) and also an LDAPInvoker.

The LDAPInvoker is a callback mechanism that lets the Cascade LDAP framework perform additional functionality within the context of the current binding. To use LDAPInvoker, simply execute the invoke(DirContext) method, supplying the DirContext that your module just created during the bind.

Once you've created your class, you will need to package it as a JAR, place it in ${jboss.home}server/default/lib and then restart Cascade. At that point, Cascade should be able to instantiate your class and use it in the binding context.
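A module of the kind described above, written with plain JNDI; this is an added example, not code from the Cascade SDK or from Hannon Hill. The stand-in interfaces, their method signatures, the accessors getUrl(), getDn() and getPassword(), and the class name SimpleLdapsBind are assumptions made so the file compiles on its own; take the real definitions from the SDK JAR.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Stand-ins so this file compiles without the SDK JAR. Signatures and
// accessor names are ASSUMPTIONS, not the SDK's documented API.
interface LDAPConfiguration { String getUrl(); }
interface LDAPBindCredentials { String getDn(); String getPassword(); }
interface LDAPInvoker { void invoke(DirContext ctx) throws NamingException; }
interface LDAPBind {
    void bindHarvest(LDAPConfiguration c, LDAPBindCredentials b, LDAPInvoker i) throws NamingException;
    void bindAuthentication(LDAPConfiguration c, LDAPBindCredentials b, LDAPInvoker i) throws NamingException;
}

public class SimpleLdapsBind implements LDAPBind {
    public void bindHarvest(LDAPConfiguration c, LDAPBindCredentials b, LDAPInvoker i)
            throws NamingException { bind(c, b, i); }

    public void bindAuthentication(LDAPConfiguration c, LDAPBindCredentials b, LDAPInvoker i)
            throws NamingException { bind(c, b, i); }

    private void bind(LDAPConfiguration c, LDAPBindCredentials b, LDAPInvoker invoker)
            throws NamingException {
        String dn = b.getDn();
        String pw = b.getPassword();
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513, section 5.1.2). Many servers accept it, which would
        // let a login succeed without a password, so refuse it up front.
        if (dn == null || dn.isEmpty() || pw == null || pw.isEmpty()) {
            throw new AuthenticationException("empty DN or password rejected");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, c.getUrl());   // e.g. an ldaps:// URL
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        DirContext ctx = new InitialDirContext(env); // throws if the server rejects the bind
        try {
            invoker.invoke(ctx);  // let the framework work inside this bound context
        } finally {
            ctx.close();          // one context per binding attempt; always release it
        }
    }
}
```

The empty-password check is applied to both paths in this example; relax it for bindHarvest only if your directory is deliberately harvested over an anonymous bind.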

If you wish for your module to be configurable through the configuration file, your LDAPBind implementation should implement

com.hannonhill.cascade.model.security.ldap.bind.Configurable

Your module is responsible for keeping track of its configuration parameters in instance members. These parameters will be set on your module immediately following instantiation.

Additional Notes

The binding module specified in the ldap-config.xml file will be used both for authentication and for user migration.

The ldap-config.xml file may be modified on the fly. That is, any changes you make to the file should be picked up at the next user migration or LDAP-user login attempt.

A fresh instance of your LDAPBind implementation will be constructed for each binding attempt.

The LDAPSSLBind implementation currently supports SSLv3.



© 2001-2007 Hannon Hill Corporation. All rights reserved.