KARAF-606

JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.1, 2.2.5, 3.0.0
    • Component/s: karaf-core
    • Labels:
      None
    • Environment:

      Windows/any

      Description

      The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number of LDAP attributes. However, it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.

      Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.

      This is a very small change; will provide a patch.
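
The special case proposed above, sketched as an added example (this is not the attached patch and not Karaf's code). The class `RoleNameDemo`, the helpers `rolesFor` and `hit`, and the sample DNs are hypothetical and constructed. It shows two groups that share a `cn` collapsing to one role name, while `dn` keeps them apart.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;

public class RoleNameDemo {
    // Hypothetical helper: turn one group search hit into role names.
    static List<String> rolesFor(SearchResult group, String roleNameAttribute)
            throws NamingException {
        List<String> roles = new ArrayList<>();
        if ("dn".equalsIgnoreCase(roleNameAttribute)) {
            // "dn" is not read as an attribute; the entry's full name is used.
            try {
                roles.add(group.getNameInNamespace());
            } catch (UnsupportedOperationException e) {
                // Provider set no full name: grant no role rather than guess one.
            }
            return roles;
        }
        Attribute attr = group.getAttributes().get(roleNameAttribute);
        if (attr != null) {
            for (int i = 0; i < attr.size(); i++) {
                roles.add(String.valueOf(attr.get(i)));
            }
        }
        return roles;
    }

    // Builds a constructed search hit so the demo runs without an LDAP server.
    static SearchResult hit(String rdn, String cn, String dn) {
        Attributes attrs = new BasicAttributes(true); // case-insensitive attribute IDs
        attrs.put("cn", cn);
        SearchResult result = new SearchResult(rdn, null, attrs);
        if (dn != null) {
            result.setNameInNamespace(dn);
        }
        return result;
    }

    public static void main(String[] args) throws NamingException {
        SearchResult ops = hit("cn=admins", "admins", "cn=admins,ou=ops,dc=example,dc=org");
        SearchResult lab = hit("cn=admins", "admins", "cn=admins,ou=lab,dc=example,dc=org");
        SearchResult bare = hit("cn=admins", "admins", null); // no full name set
        for (String attr : new String[] {"cn", "dn"}) {
            System.out.println(attr + ": ops=" + rolesFor(ops, attr)
                    + " lab=" + rolesFor(lab, attr) + " bare=" + rolesFor(bare, attr));
        }
    }
}
```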

      1. KARAF-606.patch
        0.7 kB
        Kurt Westerfeld


          People

          • Assignee:
            Jean-Baptiste Onofré
            Reporter:
            Kurt Westerfeld
          • Votes:
            0
            Watchers:
            0
