[jboss-jira] [JBoss JIRA] Closed: (JBAS-3301) LDAP/AD authentication "follow the memberOf chain"

Scott M Stark (JIRA) jira-events at jboss.com
Wed Sep 27 00:33:41 EDT 2006 

     [ http://jira.jboss.com/jira/browse/JBAS-3301?page=all ]

Scott M Stark closed JBAS-3301.
-------------------------------

    Resolution: Duplicate Issue

This patch is obsoleted by the fix in JBAS-3312, LdapExtLoginModule is missing the first role group of a nested structure

> LDAP/AD authentication "follow the memberOf chain"
> --------------------------------------------------
>
>                 Key: JBAS-3301
>                 URL: http://jira.jboss.com/jira/browse/JBAS-3301
>             Project: JBoss Application Server
>          Issue Type: Patch
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-4.0.4.GA
>            Reporter: Rafael Van Durm
>         Assigned To: Scott M Stark
>         Attachments: ADLoginModule.java
>
>
> For LDAP authentication, there are 2 possibilities for now: 
> - org.jboss.security.auth.spi.LdapLoginModule
> - org.jboss.security.auth.spi.LdapExtLoginModule
> Both do not support (as far as I understand) the "follow the memberOf chain" style of finding role definitions ...
> For example: authentication and authorisation for raf
> CN=raf,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
>   memberOf: CN=inf_iedereen,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
>   ...
> CN=inf_iedereen,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
>   member: CN=raf,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
>   memberOf: CN=web-gevonden,OU=WebRollen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
>   ...
> CN=web-gevonden,OU=WebRollen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
>   member: CN=inf_iedereen,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
> would result in group membership (=roles) 
>   inf_iedereen
>   web-gevonden
> I implemented this authorisation scheme quickly and attached the code over here ...
> Maybe also interesting for other people?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list