shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "mephi42 (JIRA)" <>
Subject [jira] [Commented] (SHIRO-640) Support user search LDAP expressions
Date Sat, 18 Nov 2017 13:54:01 GMT


mephi42 commented on SHIRO-640:

The following change made it work for me:

This is basically a duplication of getRoleNamesForUser() logic on authentication path.

I wonder if this change in some form can be accepted upstream?
I guess the way it is implemented right now may break some existing users, but I am willing
to work on improving it.

> Support user search LDAP expressions
> ------------------------------------
>                 Key: SHIRO-640
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms 
>    Affects Versions: 1.2.3
>            Reporter: mephi42
>            Priority: Trivial
> I'm trying to deploy Apache Zeppelin (, which uses Shiro
for security. In our organization LDAP is set up in a way that everybody authenticates using
email address (which is not part of DN), rather than UID (which is part of DN, but looks extremely
> Other solutions integrate with this scheme by letting me configure LDAP search expression
to resolve user DN, for example: (&(mail=%s)(objectclass=Person)). The resolved DN is
then used in a regular way for authentication.
> I wonder if it would be possible to add such functionality to Shiro?

This message was sent by Atlassian JIRA

View raw message