oodt-commits mailing list archives

From "Chris A. Mattmann (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OODT-233) allow users to (optionally) specify search directory when finding groups for username
Date Fri, 14 Dec 2012 00:34:24 GMT

     [ https://issues.apache.org/jira/browse/OODT-233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris A. Mattmann updated OODT-233:
-----------------------------------

    Fix Version/s:     (was: 0.5)
                   0.6

- push out to 0.6
                
> allow users to (optionally) specify search directory when finding groups for username
> -------------------------------------------------------------------------------------
>
>                 Key: OODT-233
>                 URL: https://issues.apache.org/jira/browse/OODT-233
>             Project: OODT
>          Issue Type: Improvement
>          Components: single sign on
>         Environment: from JPL internal JIRA
>            Reporter: Andrew Hart
>             Fix For: 0.6
>
>
> The SingleSignOn (security) library defines a function:
> {code:title=SingleSignOn.php|borderStyle=solid}
> retrieveGroupsForUser($username) {...}
> {code}
> which connects to the LDAP server and attempts to identify all groups the provided username belongs to by executing the following filter:
> {code}
> $filter = "(&(objectClass=groupOfUniqueNames)"
> 	 ."(uniqueMember=uid={$username}," . SSO_BASE_DN . "))";
> $result = ldap_search($ldapconn,SSO_BASE_DN,$filter,array('cn'));
> {code}
> This update proposes to allow a user to optionally specify a search directory other than the SSO_BASE_DN to use when searching for groups.
> By updating the method signature to optionally accept a search directory (defaulting to SSO_BASE_DN if none is provided), we can support a wider array of directory layouts with no impact to the default behavior:
> {code:title=SingleSignOn.php|borderStyle=solid}
> retrieveGroupsForUser($username,$searchDirectory = SSO_BASE_DN) {...}
> {code}
> The filter code would be updated to use the provided search directory:
> {code}
> $filter = "(&(objectClass=groupOfUniqueNames)"
> 	 ."(uniqueMember=uid={$username}," . SSO_BASE_DN . "))";
> $result = ldap_search($ldapconn,$searchDirectory,$filter,array('cn'));
> {code}
> Existing implementations would not require any modification to their code, because the function continues to use SSO_BASE_DN unless a second argument is explicitly provided:
> {code}
> $groups = $sso->retrieveGroupsForUser($sso->getCurrentUsername());
> {code}
> Providing a fully qualified DN as a second argument modifies the "top-level" directory used in the search:
> {code}
> $groups = $sso->retrieveGroupsForUser($sso->getCurrentUsername(),SSO_GROUPS_DN);
> {code} 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
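
The optional search-directory argument described in the issue, as an added example that is not OODT's own code. It also escapes the username before it enters the member DN and the filter, which the snippets in the issue do not show. It assumes PHP 5.6+ with the ldap extension; the DN values, the `buildGroupFilter` helper and the explicit `$ldapconn` parameter are hypothetical.

```php
<?php
// Added example, not OODT code. Requires PHP >= 5.6 with the ldap extension.
// The two DN values below are constructed placeholders.
define('SSO_BASE_DN', 'ou=people,dc=example,dc=org');
define('SSO_GROUPS_DN', 'ou=groups,dc=example,dc=org');

/**
 * Build the group-membership filter from the issue (hypothetical helper).
 * The username is escaped first as a DN attribute value, then the whole
 * member DN is escaped as a filter assertion value.
 */
function buildGroupFilter($username)
{
    $rdnValue = ldap_escape($username, '', LDAP_ESCAPE_DN);
    $memberDn = "uid={$rdnValue}," . SSO_BASE_DN;
    $memberDn = ldap_escape($memberDn, '', LDAP_ESCAPE_FILTER);
    return "(&(objectClass=groupOfUniqueNames)(uniqueMember={$memberDn}))";
}

/**
 * Same contract as the proposed signature: the search directory is optional
 * and defaults to SSO_BASE_DN. $ldapconn is passed in (an assumption) so the
 * function stands alone outside the SingleSignOn class.
 */
function retrieveGroupsForUser($ldapconn, $username, $searchDirectory = SSO_BASE_DN)
{
    $filter = buildGroupFilter($username);
    $result = ldap_search($ldapconn, $searchDirectory, $filter, array('cn'));
    if ($result === false) {
        return array();   // search failed (bad base DN, not bound, ...)
    }
    $entries = ldap_get_entries($ldapconn, $result);
    $groups = array();
    for ($i = 0; $entries !== false && $i < $entries['count']; $i++) {
        $groups[] = $entries[$i]['cn'][0];
    }
    return $groups;
}

// Constructed inputs: a plain uid and one containing DN/filter metacharacters.
foreach (array('ahart', 'smith,j*(ops)') as $u) {
    echo buildGroupFilter($u), PHP_EOL;
}
```

The member DN is still built under SSO_BASE_DN, as in the issue; only the base passed to `ldap_search` changes when a second argument such as SSO_GROUPS_DN is supplied.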
