Hello everybody,
I've developed a couple of authentication classes in Access Manager and
I found the constraint to use an LDAP user store very limiting.

I have to develop a class that checks the credential against a table in
a database. I've no LDAP user store at all. I find all the relevant
information in the db. So I can correctly authenticate the user but I
can't "tell" the Identity Server that the user is also correctly
identified. In the code I can create a new NIDPPrincipal object with a
(null UserAuthority), setting its properties for the authenticated user.
It works, but I still have to add a "fake" LDAP user store to be able to
check the "identify user" option in the method definition in the
Administration Console. And I presume that the Identity Server can
become unstable because it cannot find the user in the user store.

I've looked at the LDAP Plugin extension, trying to create a "wrapper"
to the db, but the documented API is only about the LDAP definition and
does not expose any interface to catch an LDAP search or read (or whatever
else the Identity Server may ask of the user store), so I guess that the
LDAP access is hard-wired in the Identity Server code. This approach
seems very strange because the modular architecture of the NAM solution
could work very well with other types of user stores than LDAP. I
expected to find an interface to abstract the User Authority.

Am I missing something, or are my arguments very wrong?


cannata_g's Profile: http://forums.novell.com/member.php?userid=17484
View this thread: http://forums.novell.com/showthread.php?t=422784