  1. Isis
  2. ISIS-1162

For Shiro Realm, make LDAP attributes a permission generator

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: core-1.8.0
    • Fix Version/s: 1.9.0
    • Component/s: Core: Security: Shiro
    • Labels:
      None

      Description

      Add attribute for permission ldap extraction

      I propose new permissions creation from LDAP attribute.
      Alternatively, permissions can be extracted from the base itself with the parameter searchUserBase,
      the attribute list as userExtractedAttribute and the permission url as permissionByUserAttribute.
      The idea is to extract attributes from the user or the group of the user and map them directly to permission rules by replacing the string {attribute} with the extracted attribute (can be multiple).
      See the sample for group and user attribute and mapping:
      ldapRealm.searchUserBase = ou=users,o=mojo
      ldapRealm.userObjectClass=inetOrgPerson
      ldapRealm.userObjectClass=organizationnalPerson
      ldapRealm.groupExtractedAttribute=street,country
      ldapRealm.userExtractedAttribute=street,country
      ldapRealm.permissionByGroupAttribute=attribute:Folder.{street}:Read,attribute:Portfolio.{country}
      ldapRealm.permissionByUserAttribute=attribute:Folder.{street}:Read,attribute:Portfolio.{country}
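
The placeholder substitution described in this issue, sketched as an added example that is not part of the original issue or the Isis code base. The class and method names are hypothetical, and rejecting values that contain `:`, `,` or `*` assumes the results are later parsed as Shiro wildcard permission strings, where those characters delimit parts, delimit subparts and act as the wildcard token.

```java
import java.util.*;
import java.util.regex.*;

/** Hypothetical helper (not Isis code): expands {attribute} placeholders into permission strings. */
public class PermissionTemplateExpander {
    private static final Pattern PLACEHOLDER = Pattern.compile("\\{([A-Za-z0-9_-]+)\\}");
    // ':' and ',' delimit parts/subparts of a Shiro wildcard permission and '*' is its
    // wildcard token; '{' and '}' would re-trigger substitution. A directory value
    // containing any of them could change the scope of the grant, so it is skipped.
    private static final Pattern UNSAFE = Pattern.compile("[:,*{}]");

    static Set<String> expand(String templates, Map<String, List<String>> attrs) {
        Set<String> out = new TreeSet<>();
        for (String pattern : templates.split(",")) {
            String p = pattern.trim();
            if (!p.isEmpty()) {
                substitute(p, attrs, out);
            }
        }
        return out;
    }

    private static void substitute(String pattern, Map<String, List<String>> attrs, Set<String> out) {
        Matcher m = PLACEHOLDER.matcher(pattern);
        if (!m.find()) {            // no placeholder left: the permission is complete
            out.add(pattern);
            return;
        }
        // Fail closed: a missing attribute yields no permission from this pattern.
        for (String value : attrs.getOrDefault(m.group(1), List.of())) {
            if (value.isBlank() || UNSAFE.matcher(value).find()) {
                continue;           // value would alter the permission structure
            }
            // Multi-valued attributes produce one permission per value.
            substitute(pattern.substring(0, m.start()) + value + pattern.substring(m.end()), attrs, out);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for an LDAP entry's attributes.
        Map<String, List<String>> user = Map.of(
            "street", List.of("Main", "Elm,*"),   // second value is rejected
            "country", List.of("FR"));
        String template = "attribute:Folder.{street}:Read,attribute:Portfolio.{country}";
        expand(template, user).forEach(System.out::println);
    }
}
```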


              People

              • Assignee:
                Unassigned
                Reporter:
                sebadiaz sebastien diaz