One of the requirements for using Lift at my work was LDAP authentication.
So I wrote a little module, lift-ldap, for that and a sample app. It was damn simple!

To use the module:

  • 1. Add the lift-ldap requirements to the Maven pom.xml
  • 2. Create the user object in src/scala/com/sample/model/User.scala

    package com.sample.model

    import scala.util.matching.{Regex}
    import scala.xml.{NodeSeq}
    // lift ldap
    import net.liftweb.ldap.{LDAPProtoUser, MetaLDAPProtoUser, LDAPVendor, SimpleLDAPVendor}
    import net.liftweb.common.{Box, Full}
    import net.liftweb.http.{S, SessionVar}
    import net.liftweb.mapper.{KeyedMetaMapper}

    // roles of the logged-in user, kept in the session
    object roles extends SessionVar[List[String]](List())

    class User extends LDAPProtoUser[User] {
        def getSingleton = User

        def getRoles: List[String] = {
            return roles.get
        }
    }

    object User extends User with MetaLDAPProtoUser[User] {
        override def screenWrap = Full(
        override def dbTableName = "tmp_users"

        override def login : NodeSeq = {
            val groupNameRx = new Regex(".*cn=(.*),ou=.*")

            def getGroupNameFromDn(dn: String): String = {
                val groupNameRx(groupName) = dn
                return groupName
            }

            def setRoles(userDn: String, ldapVendor: LDAPVendor): AnyRef = {
                // look up the groups the user belongs to
                val filter = "(&(objectclass=groupofnames)(member=" + userDn + "))"
                val groups =
                groups.foreach(g => {
                    // append to the list (List + String would be string concatenation)
                    roles.set(roles.get ::: List(getGroupNameFromDn(g)))
                })
            }

            login(setRoles _)
        }
    }

    The User object has to provide a setRoles function to the LDAPVendor (at login),
    so we can customize the way in which we retrieve the credentials from LDAP (from a group of names or a custom object).

  • 3. Initialize the LDAP configuration in Boot.scala (src/main/scala/bootstrap/liftweb/Boot.scala)

    We can pass a properties file to the SimpleLDAPVendor:

    SimpleLDAPVendor.parameters = () =>

    or just manually:

    SimpleLDAPVendor.parameters = () => Map("ldap.url"  -> "ldap://localhost",
                                            "ldap.base" -> "dc=company,dc=com",
                                            "ldap.userName" -> "...",
                                            "ldap.password" -> "...")

  • 4. A LoginUtil class (src/main/scala/com/sample/lib/LoginUtil.scala)

    It is used to determine whether the user is logged in or has certain credentials.

  • 5. Create the security rules in Boot

        LiftRules.dispatch.prepend(NamedPF("Login Validation") {
            case Req("group_required" :: page, extension, _) if !LoginUtil.hasAuthority_?("sample_group") =>
            case Req("login_required" :: page , extension, _) if (!LoginUtil.isLogged) =>
                () => Full(RedirectResponse("/user_mgt/login"))
        })

And that’s it 🙂
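
The setRoles function in step 2 concatenates the user DN straight into the search filter and pulls the group name out with a greedy regex, which throws a MatchError on a DN that has no `cn=...,ou=` part and captures `admins,ou=groups` from `cn=admins,ou=groups,ou=dept,...`. As an added example (not code from the original post or from lift-ldap; `LdapRoleHelpers` and its method names are hypothetical), here are the same two operations with RFC 4515 escaping of the filter value and DN parsing through the JDK's `javax.naming.ldap.LdapName`:

```scala
import javax.naming.InvalidNameException
import javax.naming.ldap.LdapName

// Added example: object and method names are hypothetical, not part of lift-ldap.
object LdapRoleHelpers {

  // RFC 4515: escape the characters that are special inside a filter assertion value.
  def escapeFilterValue(value: String): String = {
    val sb = new StringBuilder
    value.foreach {
      case '\\'     => sb.append("\\5c")
      case '*'      => sb.append("\\2a")
      case '('      => sb.append("\\28")
      case ')'      => sb.append("\\29")
      case '\u0000' => sb.append("\\00")
      case c        => sb.append(c)
    }
    sb.toString
  }

  // Same filter as setRoles, with the DN escaped before concatenation.
  def groupFilter(userDn: String): String =
    "(&(objectclass=groupofnames)(member=" + escapeFilterValue(userDn) + "))"

  // Value of the leftmost RDN when it is a cn; None for anything else,
  // instead of the MatchError the regex extractor throws.
  def groupNameFromDn(dn: String): Option[String] =
    try {
      val name = new LdapName(dn)
      if (name.size == 0) None
      else {
        val rdn = name.getRdn(name.size - 1) // LdapName indexes RDNs right to left
        if (rdn.getType.equalsIgnoreCase("cn")) Some(rdn.getValue.toString) else None
      }
    } catch {
      case _: InvalidNameException => None
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample DNs, not taken from a real directory.
    println(groupFilter("cn=Smith (Contractor),ou=people,dc=company,dc=com"))
    println(groupNameFromDn("cn=admins,ou=groups,ou=dept,dc=company,dc=com"))
    println(groupNameFromDn("uid=jdoe,dc=company,dc=com"))
    println(groupNameFromDn("not a dn"))
  }
}
```

Inside setRoles, groups for which `groupNameFromDn` returns `None` can simply be skipped rather than aborting the login.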
