
LDAP MultiTenancy #7902


1
SASIMEXICO created

We've been thinking about using LDAP for user authentication. According to the documentation (both ASP.NET ZERO and ABP) we have to enable it on our Core Project Module, which is fine and has no issues for single tenant scenarios. However, when facing a multi tenant scenario, there seem to be 2 options:

1. Multiple ILdapSettings (per-tenant)
2. Overriding AppLdapAuthenticationSource methods

As far as we know there's only one ILdapSettings, and we cannot find any documentation regarding which methods should be overwritten nor how. Besides, any of these solutions results in a "1 LDAP connection => 1 tenant" situation; we'd like to have all tenants in one single LDAP tree, for example one tenant per OU. What would be the proper way to achieve this?


2 Answer(s)
  • User Avatar
    1
    ryancyq created
    Support Team

    Hi, as mentioned in the documentation, you can override LDAP settings for your case.

    You can refer to Abp Zero implementation at https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Zero.Ldap/Ldap/Configuration/LdapSettings.cs

    You can use the same setting for all your tenants instead of tenant specific settings.

  • User Avatar
    0
    SASIMEXICO created

    Hi, thanks for your answer.

    Seeing the implementation you've provided, we now see that we'll use a custom implementation of ILdapSettings, based on that one.

    However, we can't seem to pinpoint the way GetPassword works; it seems as if it's being retrieved from the DB in plain text. We've been reading the following classes:

    • https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Zero.Ldap/Ldap/Configuration/LdapSettings.cs
    • https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp/Configuration/SettingManager.cs

    We can't seem to find any indicator of the password not being in plain text. What approach does Abp take towards this?