cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (CXF-6043) Multi User BaseDN Support for LdapClaimsHandler
Date Fri, 10 Oct 2014 21:25:34 GMT

     [ https://issues.apache.org/jira/browse/CXF-6043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Bernhardt reassigned CXF-6043:
----------------------------------

    Assignee: Jan Bernhardt

> Multi User BaseDN Support for LdapClaimsHandler
> -----------------------------------------------
>
>                 Key: CXF-6043
>                 URL: https://issues.apache.org/jira/browse/CXF-6043
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 2.7.12, 3.0.1
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>              Labels: Claims, STS
>             Fix For: 3.1.0
>
>
> The current implementation of the LdapClaimsHandler only allows defining a single DN for your user search base. In cases where users are spread across multiple OUs which do not share a common OU, it is not possible to collect claims for all the users.
> Sample:
> CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM
> CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM
> Setting the "userBaseDN" to "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM" would mean that claims for Bob could not be resolved.
> My proposal is to add another property "userBaseDNs" to the LdapClaimsHandler containing a List<String> of userBaseDN. If the user could not be found within the scope of userBaseDN then all userBaseDNs contained in the Collection will be searched until the user claims could be retrieved.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
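
The lookup order proposed in the issue, as an added example (not CXF's LdapClaimsHandler code and not from the issue itself). It assumes an in-memory map in place of an LDAP server; the class and method names and the mail values are hypothetical.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MultiBaseDnLookup {
    // Constructed sample directory (entry DN -> claim attributes), standing in for an LDAP server.
    static final Map<String, Map<String, String>> DIRECTORY = new LinkedHashMap<>();
    static {
        DIRECTORY.put("CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM", Map.of("mail", "alice@example.com"));
        DIRECTORY.put("CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM", Map.of("mail", "bob@example.com"));
    }

    // Subtree search under one base DN: an entry is in scope when its DN ends with the base.
    static Optional<Map<String, String>> searchBase(String baseDn, String cn) throws InvalidNameException {
        LdapName base = new LdapName(baseDn);
        for (Map.Entry<String, Map<String, String>> e : DIRECTORY.entrySet()) {
            LdapName dn = new LdapName(e.getKey());
            Rdn leaf = dn.getRdn(dn.size() - 1);   // LdapName index 0 is the rightmost RDN
            boolean inScope = dn.startsWith(base); // so startsWith() matches the DN suffix
            if (inScope && leaf.getType().equalsIgnoreCase("CN")
                    && cn.equalsIgnoreCase(String.valueOf(leaf.getValue()))) {
                return Optional.of(e.getValue());
            }
        }
        return Optional.empty();
    }

    // Proposed order: userBaseDN first, then each entry of userBaseDNs until a user is found.
    // The first match wins, so list order decides if the same CN exists under several bases.
    static Optional<Map<String, String>> resolveClaims(String userBaseDN, List<String> userBaseDNs,
                                                       String cn) throws InvalidNameException {
        List<String> bases = new ArrayList<>();
        if (userBaseDN != null) bases.add(userBaseDN);
        if (userBaseDNs != null) bases.addAll(userBaseDNs);
        for (String base : bases) {
            Optional<Map<String, String>> hit = searchBase(base, cn);
            if (hit.isPresent()) return hit;
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws InvalidNameException {
        String internal = "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM";
        String external = "OU=External-User,DC=MY,DC=DOMAIN,DC=COM";
        System.out.println(resolveClaims(internal, null, "Bob"));              // single base: Bob is not found
        System.out.println(resolveClaims(internal, List.of(external), "Bob")); // fallback base: Bob is found
    }
}
```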
