Uploaded image for project: 'Causeway'
  1. Causeway
  2. CAUSEWAY-1162

For Shiro Realm,Make LDAP attributes as permision generator

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • core-1.8.0
    • 1.9.0
    • Security Shiro
    • None

    Description

      Add attribute for permission ldap extraction

      I propose new permisions creation from LDAP attribute
      Alternatively, permissions can be extracted from the base itself with the parameter searchUserBase,
      the attribute list as userExtractedAttribute and the permission url as permissionByUserAttribute.
      The idea is to extract attribute from the user or the group of the user and map directly to permission rule in replacing the string

      {attribute}

      by the extracted attribute (can me multiple).
      See the sample for group and user attribute and mapping:
      ldapRealm.searchUserBase = ou=users,o=mojo
      ldapRealm.userObjectClass=inetOrgPerson
      ldapRealm.userObjectClass=organizationnalPerson
      ldapRealm.groupExtractedAttribute=street,country
      ldapRealm.userExtractedAttribute=street,country
      ldapRealm.permissionByGroupAttribute=attribute:Folder.

      {street}:Read,attribute:Portfolio.{country}
      ldapRealm.permissionByUserAttribute=attribute:Folder.{street}

      :Read,attribute:Portfolio.

      {country}

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            sebadiaz sebastien diaz
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment