
Multi User BaseDN Support for LdapClaimsHandler

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.12, 3.0.1
    • Fix Version/s: 3.1
    • Component/s: STS
    • Labels:
    • Estimated Complexity:
      Unknown

      Description

      The current implementation of the LdapClaimsHandler only allows defining a single DN for your user search base. In cases where users are spread across multiple OUs that do not share a common OU, it is not possible to collect claims for all the users.

      Sample:
      CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM
      CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM

      Setting the "userBaseDN" to "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM" would mean that claims for Bob could not be resolved.

      My proposal is to add another property "userBaseDNs" to the LdapClaimsHandler containing a List<String> of user base DNs. If the user cannot be found within the scope of userBaseDN, then all userBaseDNs contained in the collection will be searched until the user's claims can be retrieved.
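      The fallback lookup described in the proposal, as an added example that is not CXF's code: a constructed in-memory directory stands in for the LDAP server, `search_user` mimics a subtree search on an identifier attribute, and `resolve_claims` tries userBaseDN first and then each entry of userBaseDNs in order. The function and attribute names are assumptions for illustration, not the handler's API.

```python
from typing import Dict, List, Optional, Tuple

# Constructed in-memory directory standing in for the LDAP server (no real connection).
# The third entry shares Alice's uid in another OU to show why a wide base DN is not
# a substitute for an ordered list of base DNs.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM":
        {"uid": "alice", "mail": "alice@my.domain.com", "givenName": "Alice"},
    "CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM":
        {"uid": "bob", "mail": "bob@my.domain.com", "givenName": "Bob"},
    "CN=Alice Other,OU=Contractor,DC=MY,DC=DOMAIN,DC=COM":
        {"uid": "alice", "mail": "alice.other@my.domain.com", "givenName": "Alice"},
}


def _in_subtree(entry_dn: str, base_dn: str) -> bool:
    """Subtree-scope check: the entry DN must equal the base or end with it at an RDN boundary."""
    entry, base = entry_dn.lower(), base_dn.lower()
    return entry == base or entry.endswith("," + base)


def search_user(base_dn: str, user_id_attr: str, user_id: str) -> List[str]:
    """Return the DNs under base_dn whose user_id_attr equals user_id (case-insensitive)."""
    return [dn for dn, attrs in DIRECTORY.items()
            if _in_subtree(dn, base_dn)
            and attrs.get(user_id_attr, "").lower() == user_id.lower()]


def resolve_claims(user_id: str, user_base_dn: Optional[str], user_base_dns: List[str],
                   user_id_attr: str = "uid",
                   claim_attrs: Tuple[str, ...] = ("mail", "givenName")
                   ) -> Optional[Tuple[str, Dict[str, str]]]:
    """Search userBaseDN first, then each of userBaseDNs in order.

    Stops at the first base that yields exactly one entry and returns (base_used, claims).
    Returns None if no base contains the user; raises if a base matches more than one entry,
    since issuing claims for an ambiguous identity would be unsafe.
    """
    for base in [user_base_dn, *user_base_dns]:
        if not base:
            continue
        matches = search_user(base, user_id_attr, user_id)
        if len(matches) > 1:
            raise ValueError(f"user id {user_id!r} is ambiguous under {base}")
        if len(matches) == 1:
            attrs = DIRECTORY[matches[0]]
            return base, {a: attrs[a] for a in claim_attrs if a in attrs}
    return None
```

      Because the first base DN that matches wins, the order of userBaseDNs decides which subtree is authoritative when the same identifier exists in more than one.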

            People

            • Assignee: Jan Bernhardt (jan4talend)
            • Reporter: Jan Bernhardt (jan4talend)