Darran Lofthouse updated ELY-1668:
----------------------------------
Fix Version/s: (was: 1.8.0.CR1)
LDAP searchScope=OBJECT_SCOPE Elytron alternative
-------------------------------------------------
Key: ELY-1668
URL: https://issues.jboss.org/browse/ELY-1668
Project: WildFly Elytron
Issue Type: Bug
Components: Realms
Affects Versions: 1.6.1.Final
Reporter: Martin Choma
Priority: Critical
While comparing PicketBox and Elytron we came to one scenario which I am not sure is
covered by Elytron.
"As a user I am able to authenticate and authorize into web application secured by
LDAP (where the same is used for storing identities and roles) and roles are stored in
tree structure and should be only referenced object." The author is Ondra Lukas, who is
not with us anymore, so I tried to think about what this could be about. Based on context I
came to the conclusion that this is about the OBJECT_SCOPE value of the searchScope property.
Could you revise whether the same is possible with Elytron? Anyway, I am not sure how that
feature can be useful. But maybe there is some corner case where it can be useful that I am
not aware of.
{code}
dn: ou=People,${dnSuffix}
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,${dnSuffix}
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password1

dn: ou=RolesLevel1,${dnSuffix}
objectclass: top
objectclass: organizationalUnit
ou: RolesLevel1

dn: cn=RoleUnderLevel1,ou=RolesLevel1,${dnSuffix}
objectclass: top
objectclass: groupOfNames
cn: RoleUnderLevel1
member: uid=jduke,ou=People,${dnSuffix}
description: the RoleUnderLevel1 group
{code}
[1]
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_ap...
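
Added example (not part of the issue and not Elytron or PicketBox code): a small offline model of the three LDAP search scopes applied to the role entries from the LDIF above, showing which base DN an OBJECT_SCOPE role search has to use to return RoleUnderLevel1. The suffix dc=example,dc=org, the helper names and the simplified DN comparison (lower-casing only, no escaped commas) are assumptions.

```python
# Constructed sample: the two role entries from the issue's LDIF, with
# ${dnSuffix} replaced by an assumed suffix.
SUFFIX = "dc=example,dc=org"
USER = f"uid=jduke,ou=People,{SUFFIX}"
ROLES_OU = f"ou=RolesLevel1,{SUFFIX}"
ROLE = f"cn=RoleUnderLevel1,{ROLES_OU}"
LDIF = f"""\
dn: {ROLES_OU}
objectclass: organizationalUnit
ou: RolesLevel1

dn: {ROLE}
objectclass: groupOfNames
cn: RoleUnderLevel1
member: {USER}
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; entries are separated by blank lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def in_scope(dn, base, scope):
    dn, base = dn.lower(), base.lower()
    if scope == "OBJECT_SCOPE":      # the base entry only
        return dn == base
    if scope == "ONELEVEL_SCOPE":    # immediate children, not the base itself
        return dn.partition(",")[2] == base
    if scope == "SUBTREE_SCOPE":     # the base and every descendant
        return dn == base or dn.endswith("," + base)
    raise ValueError(scope)

def find_roles(entries, base, scope, member_dn):
    """DNs of in-scope entries whose member attribute names member_dn."""
    return [dn for dn, attrs in entries
            if in_scope(dn, base, scope)
            and member_dn.lower() in (v.lower() for v in attrs.get("member", []))]

ENTRIES = parse_ldif(LDIF)
if __name__ == "__main__":
    for base in (ROLES_OU, ROLE):
        for scope in ("OBJECT_SCOPE", "ONELEVEL_SCOPE", "SUBTREE_SCOPE"):
            print(base, scope, find_roles(ENTRIES, base, scope, USER))
```

With the base set to ou=RolesLevel1 an OBJECT_SCOPE search returns no role; it only matches when the base DN is the role entry itself.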