CXF-6303

Multi Group and User BaseDN Support for LdapGroupClaimsHandler


Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.1, 2.7.16, 3.0.5
    • None
    • STS
    • Advanced

    Description

      The current implementation of the LdapGroupClaimsHandler only allows you to define a single DN for your group and user search base. In cases where groups and users are spread across multiple OUs which do not share a common OU, it is not possible to collect claims for all the users.

      Sample:
      CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM
      CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM

      Setting the "groupBaseDN" to "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" would mean that roles for Bob could not be resolved.

      My proposal is to add properties "groupBaseDNs" and "userBaseDNs" to the LdapGroupClaimsHandler containing a List<String> of groupBaseDN and userBaseDN.
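
The coverage gap described above, as an added example that is not CXF code and does not query a directory: it checks which configured base DNs contain each sample group DN and computes the only single base that would cover both. The class and method names are hypothetical; the DNs are the samples from this issue. The single covering base turns out to be the domain root, so a one-base workaround widens the search to the whole directory, whereas a list of bases keeps it scoped to the two OUs.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

// Hypothetical helper for illustration; not part of LdapGroupClaimsHandler.
public class BaseDnCoverage {

    /** Returns the configured base DNs whose subtree contains entryDn. */
    static List<String> coveringBases(String entryDn, List<String> baseDns)
            throws InvalidNameException {
        LdapName entry = new LdapName(entryDn);
        List<String> hits = new ArrayList<>();
        for (String base : baseDns) {
            // LdapName indexes RDNs from the right, so startsWith() tests
            // "base is an ancestor of (or equal to) entry".
            if (entry.startsWith(new LdapName(base))) {
                hits.add(base);
            }
        }
        return hits;
    }

    /** Deepest DN that is an ancestor of both arguments. */
    static Name commonAncestor(String a, String b) throws InvalidNameException {
        LdapName x = new LdapName(a);
        LdapName y = new LdapName(b);
        int n = 0;
        while (n < x.size() && n < y.size() && x.getRdn(n).equals(y.getRdn(n))) {
            n++;
        }
        return x.getPrefix(n);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Sample DNs taken from the issue description.
        String g1 = "CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM";
        String g2 = "CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM";
        List<String> single = List.of("OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM");
        List<String> multi = List.of("OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM",
                                     "OU=External-Group,DC=MY,DC=DOMAIN,DC=COM");
        System.out.println("group2, single base: " + coveringBases(g2, single));
        System.out.println("group2, base list:   " + coveringBases(g2, multi));
        System.out.println("one base for both:   " + commonAncestor(g1, g2));
    }
}
```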


          People

            coheigea Colm O hEigeartaigh
            Christian Schmülling
            Votes: 0
            Watchers: 1


              Time Tracking

                Estimated: 72h
                Remaining: 72h
                Logged: Not Specified