shiro-dev mailing list archives

From "mephi42 (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-640) Support user search LDAP expressions
Date Sat, 18 Nov 2017 13:54:01 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16258079#comment-16258079 ]

mephi42 commented on SHIRO-640:
-------------------------------

The following change made it work for me:

https://github.com/mephi42/shiro/commits/resolve-ldap-dn

This is basically a duplication of the getRoleNamesForUser() logic on the authentication path.

I wonder if this change in some form can be accepted upstream?
I guess the way it is implemented right now may break some existing users, but I am willing to work on improving it.

> Support user search LDAP expressions
> ------------------------------------
>
>                 Key: SHIRO-640
>                 URL: https://issues.apache.org/jira/browse/SHIRO-640
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms 
>    Affects Versions: 1.2.3
>            Reporter: mephi42
>            Priority: Trivial
>
> I'm trying to deploy Apache Zeppelin (https://zeppelin.apache.org/), which uses Shiro for security. In our organization LDAP is set up in a way that everybody authenticates using email address (which is not part of DN), rather than UID (which is part of DN, but looks extremely ugly).
> Other solutions integrate with this scheme by letting me configure LDAP search expression to resolve user DN, for example: (&(mail=%s)(objectclass=Person)). The resolved DN is then used in a regular way for authentication.
> I wonder if it would be possible to add such functionality to Shiro?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
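
The search-then-bind scheme from the issue description, as an added example (not code from Shiro or from the linked branch): the login is escaped per RFC 4515 before it is substituted into the filter template, and the lookup must return exactly one entry. The class and method names, the `baseDn` parameter and the already-bound `DirContext` are assumptions.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public final class LdapDnResolver { // hypothetical class, not part of Shiro
    // Escape a value for use inside a search filter (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Fill the "%s" placeholder of a template such as (&(mail=%s)(objectclass=Person)).
    static String buildFilter(String template, String login) {
        return template.replace("%s", escapeFilterValue(login));
    }

    // ctx is assumed to be already bound with a search account; baseDn is deployment-specific.
    static String resolveDn(DirContext ctx, String baseDn, String template, String login)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(2); // two hits are enough to detect ambiguity
        NamingEnumeration<SearchResult> results =
                ctx.search(baseDn, buildFilter(template, login), controls);
        try {
            if (!results.hasMore()) throw new NamingException("no entry matches login");
            String dn = results.next().getNameInNamespace();
            if (results.hasMore()) throw new NamingException("login matches several entries");
            return dn; // the caller binds as this DN with the user's password
        } finally {
            results.close();
        }
    }
    public static void main(String[] args) {
        // Constructed input: filter metacharacters in the login stay literal.
        System.out.println(buildFilter("(&(mail=%s)(objectclass=Person))", "a*(b)@example.com"));
    }
}
```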