Description
The current implementation of the LdapClaimsHandler only allows defining a single DN for the user search base. When users are spread across multiple OUs that do not share a common parent OU, it is not possible to collect claims for all of them.
Sample:
CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM
CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM
Setting the "userBaseDN" to "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM" would mean that claims for Bob could not be resolved.
My proposal is to add another property "userBaseDNs" to the LdapClaimsHandler containing a List<String> of user base DNs. If the user cannot be found within the scope of userBaseDN, then all userBaseDNs contained in the collection will be searched until the user's claims can be retrieved.
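The lookup order proposed above, as an added illustration that is not CXF's LdapClaimsHandler code: the directory contents, the subtree-search simulation, and the function and parameter names (find_user, user_base_dn, user_base_dns, user_name_attr) are all constructed for this example. The search is performed against the configured userBaseDN first, then against each entry of userBaseDNs in order, and the principal name is escaped before being placed in the filter so that a name containing filter metacharacters cannot change the query.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample directory (DN -> attributes) mirroring the issue's example.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM": {"uid": "alice", "mail": "alice@my.domain.com"},
    "CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM": {"uid": "bob", "mail": "bob@my.domain.com"},
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Backslash, '*', '(', ')' and NUL become \\XX hex escapes so that a
    user-supplied principal name is matched literally, not as filter syntax.
    """
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_filter(attribute: str, value: str) -> str:
    """Build the equality filter sent to the server, e.g. (uid=alice)."""
    return "(%s=%s)" % (attribute, escape_filter_value(value))


def parse_equality_filter(ldap_filter: str) -> Tuple[str, str]:
    """Minimal server-side parser for (attr=value) filters, undoing \\XX escapes."""
    match = re.fullmatch(r"\(([A-Za-z][\w-]*)=(.*)\)", ldap_filter)
    if match is None:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attribute, raw = match.group(1), match.group(2)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return attribute, value


def dn_in_subtree(dn: str, base_dn: str) -> bool:
    """True if dn is base_dn itself or lies below it (subtree scope); DNs compare case-insensitively."""
    dn_l, base_l = dn.lower(), base_dn.lower()
    return dn_l == base_l or dn_l.endswith("," + base_l)


def search(base_dn: str, ldap_filter: str) -> List[Tuple[str, Dict[str, str]]]:
    """Simulated subtree search under base_dn returning every matching entry."""
    attribute, value = parse_equality_filter(ldap_filter)
    return [(dn, attrs) for dn, attrs in DIRECTORY.items()
            if dn_in_subtree(dn, base_dn) and attrs.get(attribute) == value]


def find_user(principal: str, user_base_dn: str, user_base_dns: List[str] = (),
              user_name_attr: str = "uid") -> Optional[Tuple[str, Dict[str, str]]]:
    """Search userBaseDN first, then each configured userBaseDNs entry in order.

    Returns the first base's unique match as (dn, attributes), or None if no base
    holds the user. A base that yields more than one entry is treated as an error
    rather than silently picking one, since claims would be attributed to the wrong user.
    """
    ldap_filter = build_filter(user_name_attr, principal)
    for base in [user_base_dn, *user_base_dns]:
        hits = search(base, ldap_filter)
        if len(hits) > 1:
            raise LookupError("ambiguous match for %r under %s" % (principal, base))
        if hits:
            return hits[0]
    return None


if __name__ == "__main__":
    internal = "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM"
    external = "OU=External-User,DC=MY,DC=DOMAIN,DC=COM"
    print(find_user("bob", internal))              # None: Bob is outside userBaseDN
    print(find_user("bob", internal, [external]))  # found via the second base
```

With only the single base the lookup for Bob fails exactly as the issue describes; adding the External-User OU to the list resolves him, while the escaping keeps a principal such as "*" from matching every entry under any base.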