Open 136750162 opened 1 year ago
Are you trying to build main branch? That is being built by GitHub CI and the build is passing - https://github.com/WrenSecurity/wrends/actions . Or are you trying to build tag 3.0.0 or one of the sustaining branches?
Currently I am trying to build locally and need to do some secondary customized development based on this project
I would like to ask you a question. At present, I need to use the LDAP service as a transit service. It only verifies the correctness of the user but does not perform password verification. If the user is incorrect, it will directly return the login failure. After the user data verification is correct, the password verification is verified by a third-party organization. May I ask whether this function can be realized based on this project?
@136750162 Is password delegation what you are looking for (see these docs)?
An authentication policy for users whose credentials are managed by a remote LDAP directory service.
Currently I am trying to build locally and need to do some secondary customized development based on this project
But what version are you trying to build / use? If possible, go with the latest release (4.0.0-RC1 at the moment).
Could not find artifact org.wrensecurity.wrends:opendj-core:jar:3.0.0 in wrensecurity-releases
Previous versions were published under the original (unchanged) groupId org.forgerock.opendj.
I pulled the latest version 4.0.0.RC1
What we want to do now is to build this LDAP service only as a username authentication. After the authentication is successful, the authentication request will be forwarded to a third-party authentication password organization for password verification. Can the current project support such a function?
@136750162 I don't know if it can do that since it's not a requirement I have ever had. Since Wren:DS is based on OpenDS 3.5 if it is possible it should be described in the OpenDS 3.5 documentation.
I don't know if I have ever even seen such a feature on other directory services? Does for example 389, OpenLDAP or Apache Directory server support it?
I don't know your specific use case but it sounds to me password delegation would also solve your problem?
Thank you for your answer. Does the Wren:DS project currently have relevant documents?
Documentation is something we want to focus on this year. Right now we have only a placeholder site for it - https://docs.wrensecurity.org/wrends/latest/index.html . So the best way to learn about the project is to work with the source code and JavaDoc at the moment. Or you can use the original documentation from ForgeRock that we did not migrate due to licensing issues.
@pavelhoral Hello, I want to know: can the Wren:DS project achieve a similar authentication forwarding function like Gateway?
As previously said - you need to dig through the code or use the (pre-fork) original documentation at the moment. You might also check sample code that shows how to create custom LDAP listener / handler:
- https://github.com/WrenSecurity/wrends/blob/main/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/Proxy.java
- https://github.com/WrenSecurity/wrends/blob/main/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/ProxyBackend.java
But... as @siepkes wrote - maybe all you need is custom authentication policy implementation https://backstage.forgerock.com/docs/opendj/3/configref/authentication-policy.html
Then I am going directly to implement and write my own AuthenticationPolicy, how should I use my policy after writing it?
Hello pavelhoral, thank you very much for your answer above, I would like to ask, my local Windows system wants to deploy this project, how should I deploy it?
@siepkes Does the Authentication Policy you mentioned refer to the authentication policy for logging in to the LDAP server?
Wrends:opendj-core:jar:3.0.0 dependency cannot be found when the project is built: Could not find artifact org.wrensecurity.wrends:opendj-core:jar:3.0.0 in wrensecurity-releases (https://wrensecurity.jfrog.io/wrensecurity/releases)