[jboss-user] [JBoss Portal] - Re: LDAPExtUserModuleImpl and userSearchFilter
bdaw
do-not-reply at jboss.com
Tue Jul 24 06:17:43 EDT 2007
I'm playing with this.
So with such an LDIF:
|
| dn: dc=example,dc=com
| objectclass: top
| objectclass: dcObject
| objectclass: organization
| dc: example
| o: example
|
| dn: dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: dcObject
| objectclass: organization
| o: portal
| dc: portal
|
| dn: o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: organization
| o: test
|
| dn: ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: organizationalUnit
| ou: People
|
| dn: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: admin
| cn: Java Duke
| sn: Duke
| userPassword: admin
| mail: email at email.com
|
| dn: uid=user,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: user
| cn: user
| sn: Portal User
| userPassword: user
| mail: email at email.com
|
| dn: uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: jduke, Duke
| cn: Java Duke
| sn: Duke
| userPassword: theduke
| mail: email at email.com
|
| dn: uid=jduke1\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: jduke1, Duke
| cn: Java Duke1
| sn: Duke1
| userPassword: theduke
| mail: email at email.com
|
|
| dn: uid=jduke2\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: jduke2, Duke
| cn: Java Duke2
| sn: Duke2
| userPassword: theduke
| mail: email at email.com
|
| dn: uid=jduke3\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: jduke3, Duke
| cn: Java Duke3
| sn: Duke3
| userPassword: theduke
| mail: email at email.com
|
| dn: uid=jduke4\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: jduke4, Duke
| cn: Java Duke4
| sn: Duke4
| userPassword: theduke
| mail: email at email.com
|
| dn: ou=Roles,o=test,dc=portal,dc=example,dc=com
| objectclass: top
| objectclass: organizationalUnit
| ou: Roles
|
| dn: cn=Admin,ou=Roles,o=test,dc=portal,dc=example,dc=com
| objectClass: top
| objectClass: groupOfNames
| cn: Admin
| description: Portal admin role
| member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
|
| dn: cn=User,ou=Roles,o=test,dc=portal,dc=example,dc=com
| objectClass: top
| objectClass: groupOfNames
| cn: User
| description: Portal user role
| member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=user,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke1\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke2\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke3\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke4\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
|
| dn: cn=The\, Dukes,ou=Roles,o=test,dc=portal,dc=example,dc=com
| objectClass: top
| objectClass: groupOfNames
| cn: The, Dukes
| description: Portal user role
| member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=user,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke1\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke2\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke3\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
| member: uid=jduke4\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
Role resolution works ok. For the search filters I succeeded with such configuration:
| <option>
| <name>roleSearchFilter</name>
| <value><![CDATA[(&(cn={0})(member=uid=jduke\\\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com))]]></value>
| </option>
|
I think that code changes are not needed here. Actually, on the command line I also need to use 3 backslashes, like here:
| ldapsearch -x -h localhost -p 10389 -D"cn=Directory Manager" -w password -s sub -b "dc=example,dc=com" "(&(cn=*)(member=uid=jduke\\\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com))"
|
otherwise with '\\,' or '\' you get a 'Bad search filter (-7)' error. And I don't think it's related to the shell, as the whole phrase is quoted with "". So it's just the way you need to escape it.
Anyway, I found out that for the UserModule.createUser() method the userName needs to be parsed against RFC 2253 (http://ietf.org/rfc/rfc2253.txt), so this needs to be corrected.
Could you check if it works for you in MSAD if you just use "member=cn=LastName\\\, FirstName, ou=People, ..." filter?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4066939#4066939
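The escaping the post arrives at, worked through as an added example (this is not code from the original post or from JBoss Portal). There are two escaping layers stacked on top of each other: the comma inside the uid is escaped with a backslash per RFC 2253 so the DN parser does not read it as an RDN separator, and the resulting backslash is itself a special character inside a search filter (RFC 2254 / RFC 4515), where it has to be written as `\5c` or, on directories that accept the legacy form, as a doubled backslash. The block builds the `roleSearchFilter` from the post in the hex form, runs the quoted `ldapsearch` command line through POSIX double-quote processing to show what the three backslashes turn into before the filter parser sees them, and decodes both forms back to the same DN. The DNs and the command line are taken from the post; the function names and the small filter decoder are this example's own, and the decoder accepts the doubled backslash only because the post shows that the directory in question does.

```python
"""Why a DN with an escaped comma needs a second layer of escaping in a filter.

Added example, not code from the original post or from JBoss Portal.  The DNs
and the ldapsearch command line are the ones quoted in the post; the function
names are this example's own.
"""
import shlex

# The entry the post is searching for; the comma in the uid is escaped per
# RFC 2253 (now RFC 4514) so that it is not read as an RDN separator.
TARGET_DN = r'uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com'

# The command line from the post, verbatim (raw string: three backslashes).
LDAPSEARCH_CMD = (r'ldapsearch -x -h localhost -p 10389 -D"cn=Directory Manager" '
                  r'-w password -s sub -b "dc=example,dc=com" '
                  r'"(&(cn=*)(member=uid=jduke\\\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com))"')

# RFC 2253 / RFC 4514: characters that need a backslash inside a DN value.
_DN_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (layer 1)."""
    out = []
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (ch == '#' and i == 0) \
                or (ch == ' ' and i in (0, len(value) - 1)):
            out.append('\\')
        out.append(ch)
    return ''.join(out)


# RFC 2254 / RFC 4515: characters that need hex escaping inside a filter
# assertion value.  Backslash is on the list, which is why an escaped comma
# in a DN ("\,") has to become "\5c," when the DN is embedded in a filter.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (layer 2)."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    r"""Decode an assertion value the way a server-side filter parser does.

    Accepts the RFC 4515 hex form ("\5c") and the doubled backslash ("\\")
    that the directory in the post accepts as well.  A backslash followed by
    anything else is rejected: that is the 'Bad search filter' case.
    """
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch != '\\':
            out.append(ch)
            i += 1
        elif value[i + 1:i + 2] == '\\':
            out.append('\\')
            i += 2
        else:
            hexpair = value[i + 1:i + 3]
            if len(hexpair) != 2 or any(c not in '0123456789abcdefABCDEF' for c in hexpair):
                raise ValueError('Bad search filter: stray backslash at offset %d' % i)
            out.append(chr(int(hexpair, 16)))
            i += 3
    return ''.join(out)


def is_valid_filter_value(value):
    """True if the filter parser above would accept the value."""
    try:
        unescape_filter_value(value)
        return True
    except ValueError:
        return False


def member_filter(cn, uid, people_base='ou=People,o=test,dc=portal,dc=example,dc=com'):
    """Build the post's roleSearchFilter for a uid that may contain a comma."""
    member_dn = 'uid=%s,%s' % (escape_dn_value(uid), people_base)
    return '(&(cn=%s)(member=%s))' % (escape_filter_value(cn), escape_filter_value(member_dn))


def filter_after_shell(command):
    r"""Return the filter argument as the shell hands it to ldapsearch.

    shlex applies the POSIX double-quote rule that bash uses too: inside "...",
    a backslash is dropped only in front of another backslash or a double
    quote, so the post's \\\, reaches ldapsearch as \\, (two backslashes).
    """
    return shlex.split(command)[-1]


def member_assertion(search_filter):
    """Pull the raw, still escaped member=... value out of (&(cn=..)(member=..))."""
    start = search_filter.index('(member=') + len('(member=')
    return search_filter[start:-2]


if __name__ == '__main__':
    print(member_filter('User', 'jduke, Duke'))
    print(filter_after_shell(LDAPSEARCH_CMD))
    for f in (member_filter('User', 'jduke, Duke'), filter_after_shell(LDAPSEARCH_CMD)):
        print(unescape_filter_value(member_assertion(f)) == TARGET_DN)
    # A single backslash before the comma is what produces 'Bad search filter'.
    print(is_valid_filter_value(r'uid=jduke\, Duke'))
```

Both the `\5c` form that `member_filter` emits and the doubled backslash that survives the shell decode to exactly `TARGET_DN`, which is why either works against the directory in the post; a value with a lone backslash before the comma fails in the decoder the same way it fails in `ldapsearch`. Generating the filter from the escaped DN, rather than hand-typing backslashes into the `roleSearchFilter` option, also removes the risk of a stray `*`, `(` or `)` in a user name widening the filter.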