shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-640) Support user search LDAP expressions
Date Mon, 06 Nov 2017 18:05:00 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16240631#comment-16240631
] 

Brian Demers commented on SHIRO-640:
------------------------------------

Using the ActiveDirectoryRealm, you should be able to set the {{searchFilter}} 
It defaults to: {code}(&(objectClass=*)(userPrincipalName={0})){code}

> Support user search LDAP expressions
> ------------------------------------
>
>                 Key: SHIRO-640
>                 URL: https://issues.apache.org/jira/browse/SHIRO-640
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms 
>    Affects Versions: 1.2.3
>            Reporter: mephi42
>            Priority: Trivial
>
> I'm trying to deploy Apache Zeppelin (https://zeppelin.apache.org/), which uses Shiro
for security. In our organization LDAP is set up in a way that everybody authenticates using
email address (which is not part of DN), rather than UID (which is part of DN, but looks extremely
ugly).
> Other solutions integrate with this scheme by letting me configure LDAP search expression
to resolve user DN, for example: (&(mail=%s)(objectclass=Person)). The resolved DN is
then used in a regular way for authentication.
> I wonder if it would be possible to add such functionality to Shiro?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message