cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <>
Subject [jira] [Assigned] (CXF-6043) Multi User BaseDN Support for LdapClaimsHandler
Date Fri, 10 Oct 2014 21:25:34 GMT


Jan Bernhardt reassigned CXF-6043:

    Assignee: Jan Bernhardt

> Multi User BaseDN Support for LdapClaimsHandler
> -----------------------------------------------
>                 Key: CXF-6043
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 2.7.12, 3.0.1
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>              Labels: Claims, STS
>             Fix For: 3.1.0
> The current implementation of the LdapClaimsHandler only allows a single DN to be defined for your user search base. In cases when users are spread across multiple OUs which do not share a common OU, it is not possible to collect claims for all the users.
> Sample:
> CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM
> CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM
> Setting the "userBaseDN" to "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM" would mean that claims for Bob could not be resolved.
> My proposal is to add another property "userBaseDNs" to the LdapClaimsHandler containing a List<String> of userBaseDN. If the user could not be found within the scope of userBaseDN then all userBaseDNs contained in the Collection will be searched until the user claims could be retrieved.

This message was sent by Atlassian JIRA
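
The lookup order proposed in the issue, modelled in Python over an in-memory directory as an added example; it is not CXF code and not part of the original message. The function names, the mail attributes and the "Carol" entries are constructed for illustration. Carol shows the case an STS operator should check for: the same CN under two search bases, where search order alone decides whose attributes become claims.

```python
# Added illustration: in-memory model of the lookup order proposed in CXF-6043.
# Not CXF code; function names are hypothetical, directory data is constructed.
INTERNAL = "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM"
EXTERNAL = "OU=External-User,DC=MY,DC=DOMAIN,DC=COM"
DIRECTORY = {
    "CN=Alice," + INTERNAL: {"cn": "Alice", "mail": "alice@example.com"},
    "CN=Bob," + EXTERNAL: {"cn": "Bob", "mail": "bob@example.com"},
    # Constructed collision: the same CN exists under both OUs.
    "CN=Carol," + INTERNAL: {"cn": "Carol", "mail": "carol@example.com"},
    "CN=Carol," + EXTERNAL: {"cn": "Carol", "mail": "carol@partner.example"},
}

def rdns(dn):
    # Simplified DN parsing (assumption: no escaped commas in any RDN).
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    # True when dn lies strictly below base, compared RDN by RDN.
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def search(base, cn):
    # Subtree search for entries whose cn matches, case-insensitively.
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_subtree(dn, base) and attrs["cn"].lower() == cn.lower())

def search_order(user_base_dn, user_base_dns=()):
    # userBaseDN is tried first, then the userBaseDNs entries in list order.
    return [user_base_dn, *user_base_dns]

def resolve_user_dn(cn, user_base_dn, user_base_dns=()):
    # Stop at the first base that yields the user, as the proposal describes.
    for base in search_order(user_base_dn, user_base_dns):
        hits = search(base, cn)
        if hits:
            return hits[0]
    return None

def matching_bases(cn, user_base_dn, user_base_dns=()):
    # More than one matching base means search order alone decides whose
    # attributes end up as claims in the issued token.
    return [b for b in search_order(user_base_dn, user_base_dns) if search(b, cn)]
```

A non-empty result from `resolve_user_dn` together with more than one entry from `matching_bases` is the condition worth logging or rejecting before claims are issued.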
