[KARAF-606] JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1, 2.2.5, 3.0.0
Component/s: karaf
Labels:
None
Environment:

Windows/any

Description

The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.

Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.

This is a very small change; will provide a patch.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KARAF-606.patch
02/May/11 04:13
0.7 kB
Kurt Westerfeld

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Kurt Westerfeld

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/May/11 02:33

Updated:: 14/Sep/18 08:37

Resolved:: 06/Dec/11 14:36