cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-6303) Multi Group and User BaseDN Support for LdapGroupClaimsHandler
Date Wed, 18 Mar 2015 21:50:38 GMT

     [ https://issues.apache.org/jira/browse/CXF-6303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Bernhardt updated CXF-6303:
-------------------------------
    Priority: Major  (was: Critical)

> Multi Group and User BaseDN Support for LdapGroupClaimsHandler
> --------------------------------------------------------------
>
>                 Key: CXF-6303
>                 URL: https://issues.apache.org/jira/browse/CXF-6303
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 3.1.0, 2.7.16, 3.0.5
>            Reporter: Christian Schmülling
>            Assignee: Colm O hEigeartaigh
>              Labels: Claim, STS
>             Fix For: 3.1.0, 2.7.16, 3.0.5
>
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> The current implementation of the LdapGroupClaimsHandler only allows defining a single
> DN for your group and user search base. In cases when groups and users are spread across multiple
> OUs which do not share a common OU, it is not possible to collect claims for all the users.
> Sample:
> CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM
> CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM
> Setting the "groupBaseDN" to "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" would mean that
> roles for Bob could not be resolved.
> My proposal is to add properties "groupBaseDNs" and "userBaseDNs" to the LdapGroupClaimsHandler
> containing a List<String> of groupBaseDN and userBaseDN.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
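
The scoping problem described in the issue, as an added illustration (not CXF code and not part of the original message): a subtree search only sees groups at or below its base DN, so a single groupBaseDN yields no role claims for a user whose groups live under a sibling OU. Only the two group DNs and the property name groupBaseDNs come from the message; the user DNs, the memberships (Bob in group2 only) and all class and method names are constructed assumptions.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class MultiBaseDnDemo {
    // Constructed user DNs (assumption; the issue does not give them).
    static final String BOB = "CN=bob,OU=Users,DC=MY,DC=DOMAIN,DC=COM";
    static final String ALICE = "CN=alice,OU=Users,DC=MY,DC=DOMAIN,DC=COM";

    // Constructed stand-in for the directory: group DN -> member DNs.
    static final Map<String, List<String>> GROUPS = new LinkedHashMap<>();
    static {
        GROUPS.put("CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM", List.of(ALICE));
        GROUPS.put("CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM", List.of(BOB));
    }

    // Subtree-scope test. LdapName indexes RDNs right to left, so startsWith()
    // checks that dn ends with base; RDN comparison is case-insensitive.
    static boolean isUnder(String dn, String base) throws InvalidNameException {
        return new LdapName(dn).startsWith(new LdapName(base));
    }

    // Collect the CN of every group under any base DN that lists the user as a
    // member. A Set de-duplicates hits when base DNs overlap.
    static Set<String> rolesFor(String userDn, List<String> groupBaseDNs)
            throws InvalidNameException {
        LdapName user = new LdapName(userDn);
        Set<String> roles = new TreeSet<>();
        for (String base : groupBaseDNs) {
            for (Map.Entry<String, List<String>> group : GROUPS.entrySet()) {
                if (!isUnder(group.getKey(), base)) continue; // outside search scope
                for (String member : group.getValue()) {
                    if (new LdapName(member).equals(user)) {
                        LdapName g = new LdapName(group.getKey());
                        roles.add(String.valueOf(g.getRdn(g.size() - 1).getValue()));
                    }
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) throws InvalidNameException {
        String internal = "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM";
        String external = "ou=external-group,dc=my,dc=domain,dc=com"; // case differs on purpose
        System.out.println("single base:    " + rolesFor(BOB, List.of(internal)));
        System.out.println("multiple bases: " + rolesFor(BOB, List.of(internal, external)));
    }
}
```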
