Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
core-1.8.0
-
None
Description
Add attribute for permission ldap extraction
I propose new permisions creation from LDAP attribute
Alternatively, permissions can be extracted from the base itself with the parameter searchUserBase,
the attribute list as userExtractedAttribute and the permission url as permissionByUserAttribute.
The idea is to extract attribute from the user or the group of the user and map directly to permission rule in replacing the string
by the extracted attribute (can me multiple).
See the sample for group and user attribute and mapping:
ldapRealm.searchUserBase = ou=users,o=mojo
ldapRealm.userObjectClass=inetOrgPerson
ldapRealm.userObjectClass=organizationnalPerson
ldapRealm.groupExtractedAttribute=street,country
ldapRealm.userExtractedAttribute=street,country
ldapRealm.permissionByGroupAttribute=attribute:Folder.
ldapRealm.permissionByUserAttribute=attribute:Folder.{street}
:Read,attribute:Portfolio.
{country}Attachments
Issue Links
- links to