[jboss-user] [Security & JAAS/JBoss] - Re: Single Sign On with LDAP Examples
sohil.shah@jboss.com
do-not-reply at jboss.com
Fri Apr 4 21:44:51 EDT 2008
Alejandro and Mauricio are correct.
The LDAPIdentityProvider is designed to use the InetOrgPerson schema, which is a standard LDAP schema.
However, I think the use of cn and sn in its current implementation is not correct.
I would prefer to use uid instead of cn, and I am still not sure how to represent the "activation" field.
Using sn is confusing.
I initially used these, since the LDAP repo that I was connecting with had the data setup that way.
However, it's time the out-of-the-box LDAP impl moves away from those semantics and uses uid and something else for representing "account activation".
Part of the reason I have not changed it is also keeping backward compatibility with existing users who have set up their LDAP repo based on this impl.
I think the cleanest approach will be to leave this LDAPIdentityProvider impl as is, and introduce a new one that maps the data in a more standard manner.
I apologize for the confusion that the hackish usage of 'sn' created ;)
If I were Hillary Clinton then I would say "I mis-coded" ;)
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141802#4141802