Hello,
We will be implementing CMOD and are planning on using LDAP integration for authentication. However, we are curious if anyone is leveraging LDAP (AD) to handle authorization and if so how? This doesn't appear to be native functionality of CMOD.
We have explored using ODWEK to build our own component but there doesn't appear to be CRUD APIS to support this.
Well apparently you haven't read at all the documentation of CMOD... since LDAP and AD with authentication is a native functionality of CMOD since at least 10-15 years.
Here are some informations for you on the subject:
http://www-01.ibm.com/support/docview.wss?uid=swg21597246http://www-01.ibm.com/support/docview.wss?uid=swg21610510https://www-304.ibm.com/support/docview.wss?uid=swg21446517Now... from what I can read between the lines with your question, and tell me if I'm wrong... you want to handle the authentication from ODWEK with LDAP.
Well you must understand the following, it is NOT the client that decide what kind of authentication is used, but the server.
When you create a connection with ODWEK, then you use the method ODServer.logon(...) you will need to provide the user and password.
Then ODServer.logon(...) will discuss with the server, and the server will check how to authenticate the user.
If the CMOD server is not define with LDAP, then it will NOT use ldap... as simple as that.
If you have setup the server with LDAP, then it will use LDAP.
But in any cases, it is NOT the task and responsibility of the client to decide which authentication to use, this is the task of the server side.
Now... maybe you want to do SSO (Single Sign On), and then you need to pass the SSO Token (Kerberos, ...) in order to validate that the token is ok.
Then, again this is NOT the task of the client to do it, you need to pass the information to the server with the help of the method ODServer.logon(...) and then because we are speaking about SSO, you will need to write a C program in CMOD to plug in the server (Security User Exit) that will do the work of validation for the client.
So, all of that to say, that before assuming, you must understand how CMOD works, and more importantly, if you want a good answer, you must explain us what is the use case you want to do. And then we will be able to give you some answers, at least we will try, to the best of our ability.
So again, what do you want to do exactly?
Regards,
Alessandro