directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Zoerner <>
Subject Re: memberOf attribute
Date Sun, 07 Mar 2010 12:44:51 GMT
Hi Bill,

Bill Keirskie wrote:
> I have a web application that I am trying to authenticate to ApacheDS.  The web application
can authenticate the user against ApacheDS, but cannot obtain a list of groups the user belohas
membership to.  Upon login, the web application syncs the user's groups with it's internal
database for role based permissions based on the LDAP groups.  That way, user and group membership
is managed at the LDAP server and not by the application.  The web application has a configuration
of <attribute mode='memberOf' name='ou=WebAppUserAccounts,dc=example,dc=net'/>.  I can
change the memberOf to whatever objectclass it needs to be, but so far, nothing has worked.
 I've tried "isMemberOf", "member" "uniqueMember", and a few others.  I can make this work
against Active Directory, but I would like to use ApacheDS for this particular project.

I am still not quite sure what you are exactly doing. The ApacheDS side 
seems to be clear (although version number, OS etc. would be nice), but 
what type of web application server are you using? Is it a Java EE web 
application created by you (or 3rd party?) deployed on a Java EE 
compliant server (which one)? The configuration line

<attribute mode='memberOf' name='ou=WebAppUserAccounts,dc=example,dc=net'/>

seems to be application specific. I assume, the memberOf mode leeds to 
reading the values of the memberOf attribute of a user entry, but this 
is just an assumption ...

Greetings from Hamburg,

View raw message