[KNOX-228] Knox should support dynamic LDAP Groups - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.4.0
Fix Version/s: 0.4.0
Component/s: Server
Labels:
None

Description

Knox should support dynamic LDAP groups.

Meaning

Knox should be able to look up LDAPEntries with objectclass groupofurls.
Then, based on the memberurl attribute of the entry, should evaluate whether a user is member of the dynamicgroup.

The fact that user was member of the dynamic group should be reflected in authorization checks for service level access

Attachments

Sub-Tasks

1.	provide ldap schema file to allow creation of daynamic groups in apache ds	Closed	Dilli Arumugam
2.	shiro realm implementation to support ldap dynamic groups	Closed	Dilli Arumugam
3.	add automation test case for ldap dynamic group support	Closed	Dilli Arumugam
4.	add a topology template file to illustrate the use of dynamic groups	Closed	Dilli Arumugam
5.	add documentation for dynamic groups	Closed	Dilli Arumugam

Activity

People

Assignee:: Dilli Arumugam

Reporter:: Dilli Arumugam

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Dec/13 22:12

Updated:: 28/Mar/19 14:12

Resolved:: 07/Jan/14 22:47