cxf-issues mailing list archives

From Christian Schmülling (JIRA) <>
Subject [jira] [Created] (CXF-6303) Multi Group and User BaseDN Support for LdapGroupClaimsHandler
Date Wed, 18 Mar 2015 14:38:38 GMT
Christian Schmülling created CXF-6303:

             Summary: Multi Group and User BaseDN Support for LdapGroupClaimsHandler
                 Key: CXF-6303
             Project: CXF
          Issue Type: Improvement
          Components: STS
    Affects Versions: 3.1.0, 2.7.16, 3.0.5
            Reporter: Christian Schmülling
            Priority: Critical
             Fix For: 3.1.0, 2.7.16, 3.0.5

The current implementation of the LdapGroupClaimsHandler only allows defining a single DN
for your group and user search base. In cases where groups and users are spread across multiple
OUs which do not share a common OU, it is not possible to collect claims for all the users.


Setting the "groupBaseDN" to "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" would mean that roles
for Bob could not be resolved.

My proposal is to add properties "groupBaseDNs" and "userBaseDNs" to the LdapGroupClaimsHandler
containing a List<String> of groupBaseDN and userBaseDN. 

This message was sent by Atlassian JIRA
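
The limitation described in the message, as an added illustration that is not code from CXF or from the reporter: group lookups scoped to one search base return no roles for a user whose groups sit in another OU, while a list of bases (mirroring the proposed "groupBaseDNs") returns them. Only "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" and the name Bob come from the message; the in-memory directory, the other DNs and the helpers `isUnder` and `rolesFor` are constructed for this sketch.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class MultiBaseDnDemo {
    // Constructed sample directory (group DN -> member DNs). Only OU=Internal-Group
    // and the user name Bob appear in the issue; every other DN is hypothetical.
    static final Map<String, List<String>> GROUPS = new LinkedHashMap<>();
    static {
        GROUPS.put("CN=Staff,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM",
                List.of("CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM"));
        GROUPS.put("CN=Partners,OU=Partner-Group,DC=MY,DC=DOMAIN,DC=COM",
                List.of("CN=Bob,OU=Partner-User,DC=MY,DC=DOMAIN,DC=COM"));
    }

    // Subtree test on parsed RDNs rather than on raw strings.
    static boolean isUnder(LdapName entry, String baseDn) throws InvalidNameException {
        return entry.startsWith(new LdapName(baseDn));
    }

    // Union of group names found under any of the given search bases.
    static Set<String> rolesFor(String userDn, List<String> groupBaseDns)
            throws InvalidNameException {
        LdapName user = new LdapName(userDn);
        Set<String> roles = new TreeSet<>();
        for (String base : groupBaseDns) {
            for (Map.Entry<String, List<String>> g : GROUPS.entrySet()) {
                LdapName group = new LdapName(g.getKey());
                if (!isUnder(group, base)) continue;   // outside this search base
                for (String member : g.getValue()) {
                    if (new LdapName(member).equals(user)) {
                        // leftmost RDN (CN=...) is the group name used as the role
                        roles.add(String.valueOf(group.getRdn(group.size() - 1).getValue()));
                    }
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) throws InvalidNameException {
        String bob = "CN=Bob,OU=Partner-User,DC=MY,DC=DOMAIN,DC=COM";
        String internal = "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM";
        String partner = "OU=Partner-Group,DC=MY,DC=DOMAIN,DC=COM";
        System.out.println(rolesFor(bob, List.of(internal)));          // single base
        System.out.println(rolesFor(bob, List.of(internal, partner))); // several bases
    }
}
```

An empty role set from the single-base call is indistinguishable from a user who genuinely has no groups, so a relying party that authorizes on role claims sees no error, only missing roles.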
