  1. Karaf
  2. KARAF-606

JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.1, 2.2.5, 3.0.0
    • Component/s: karaf-core
    • Labels:
      None
    • Environment:

      Windows/any

      Description

      The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number of LDAP attributes. However, it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.

      Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.

      This is a very small change; will provide a patch.
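
The special case proposed above, as an added example that is not part of the original issue or the attached patch: a hypothetical helper `roleNames` returns the entry's full DN when role.name.attribute is "dn" and otherwise reads the configured attribute. The class name, the helper name and the sample entry are assumptions made for illustration.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import java.util.ArrayList;
import java.util.List;

public class RoleNameFromSearchResult {

    // Hypothetical helper: maps one group search hit to role names.
    static List<String> roleNames(SearchResult group, String roleNameAttribute)
            throws NamingException {
        List<String> roles = new ArrayList<>();
        // LDAP attribute names are case-insensitive, so "DN" is accepted too.
        if ("dn".equalsIgnoreCase(roleNameAttribute)) {
            try {
                // Full DN of the entry, independent of any DN-like attribute.
                roles.add(group.getNameInNamespace());
            } catch (UnsupportedOperationException e) {
                // Provider did not set a full name: grant no role rather than guess.
            }
            return roles;
        }
        Attribute attr = group.getAttributes().get(roleNameAttribute);
        if (attr != null) {
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                roles.add(String.valueOf(values.next()));
            }
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry; the DN and cn values are made up.
        BasicAttributes attrs = new BasicAttributes(true);
        attrs.put("cn", "admin");
        SearchResult hit = new SearchResult("cn=admin,ou=groups", null, attrs);
        hit.setNameInNamespace("cn=admin,ou=groups,dc=example,dc=org");

        System.out.println(roleNames(hit, "cn")); // attribute lookup
        System.out.println(roleNames(hit, "dn")); // full DN special case
    }
}
```

Because the DN comes from the search result rather than from an attribute value, two groups with the same cn in different subtrees map to different roles.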

        Attachments

        1. KARAF-606.patch
          0.7 kB
          Kurt Westerfeld


            People

            • Assignee:
              jbonofre Jean-Baptiste Onofré
              Reporter:
              kwesterfeld Kurt Westerfeld