shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <>
Subject [jira] [Commented] (SHIRO-640) Support user search LDAP expressions
Date Mon, 06 Nov 2017 18:05:00 GMT


Brian Demers commented on SHIRO-640:

Using the ActiveDirectoryRealm, you should be able to set the {{searchFilter}} 
It defaults to: {code}(&(objectClass=*)(userPrincipalName={0})){code}

> Support user search LDAP expressions
> ------------------------------------
>                 Key: SHIRO-640
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms 
>    Affects Versions: 1.2.3
>            Reporter: mephi42
>            Priority: Trivial
> I'm trying to deploy Apache Zeppelin (, which uses Shiro
for security. In our organization LDAP is set up in a way that everybody authenticates using
email address (which is not part of DN), rather than UID (which is part of DN, but looks extremely
> Other solutions integrate with this scheme by letting me configure LDAP search expression
to resolve user DN, for example: (&(mail=%s)(objectclass=Person)). The resolved DN is
then used in a regular way for authentication.
> I wonder if it would be possible to add such functionality to Shiro?

This message was sent by Atlassian JIRA

View raw message