shiro-dev mailing list archives

From "Russell Miller (JIRA)" <>
Subject [jira] [Created] (SHIRO-538) AD and JndiLdapContextFactory don't work well together
Date Thu, 06 Aug 2015 21:45:04 GMT
Russell Miller created SHIRO-538:

             Summary: AD and JndiLdapContextFactory don't work well together
                 Key: SHIRO-538
             Project: Shiro
          Issue Type: Bug
          Components: Realms 
    Affects Versions: 1.2.3
            Reporter: Russell Miller
            Priority: Minor

All of the documentation I have read says to do something similar to this when setting up

contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ldaps://
contextFactory.systemUsername =
contextFactory.systemPassword = password
contextFactory.environment[] = ssl

realm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
realm.ldapContextFactory = $contextFactory
realm.searchBase = "CN=Users,DC=DOMAIN,DC=com"
realm.groupRolesMap = "CN=ShiroUsers,CN=Users,DC=DOMAIN,DC=com":"ShiroUsersRole"

It doesn't work.  The reason is that searchBase is not exposed in the JndiLdapContextFactory,
but it still overrides searchBase.  Thus when injecting a JndiLdapContextFactory into an ActiveDirectoryRealm,
it is not possible to set a searchBase without overriding JndiLdapContextFactory.

And the worst thing is, this isn't even needed.   If you set the url in the AD realm to ldaps://blah:636,
it automatically uses SSL and a context factory isn't even needed.

Suggest updating the docs where appropriate, and suggest fixing JndiLdapContextFactory so
that it can handle SearchBase.


This message was sent by Atlassian JIRA
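
The alternative the report describes, written out as an added example (not part of the original message or of Shiro's documentation): the realm is configured directly with an `ldaps://` URL and no separate context factory, so `searchBase` is set on the realm itself. The host `blah` is the report's own placeholder; the bind account name and password are constructed placeholders.

```ini
[main]
# Added example: ActiveDirectoryRealm configured directly, without a JndiLdapContextFactory.
realm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm

# ldaps:// URL on port 636, as given in the report ("blah" is the report's placeholder host).
realm.url = ldaps://blah:636

# Constructed placeholders for the bind account; replace with real values.
realm.systemUsername = BIND_ACCOUNT_PLACEHOLDER
realm.systemPassword = BIND_PASSWORD_PLACEHOLDER

# searchBase and groupRolesMap are set on the realm; values copied from the report.
realm.searchBase = "CN=Users,DC=DOMAIN,DC=com"
realm.groupRolesMap = "CN=ShiroUsers,CN=Users,DC=DOMAIN,DC=com":"ShiroUsersRole"
```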