shiro-user mailing list archives

From Les Hazlewood <lhazlew...@apache.org>
Subject Re: ActiveDirectoryRealm hasRole?
Date Tue, 08 Jan 2013 17:57:52 GMT
Hi John,

I'm surprised to hear of this since I'm unaware of it failing for others
(but maybe others subclass it often and this isn't a problem - who knows).
Can you please provide a patch to fix it? We can incorporate a patch asap.

Best,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk


On Mon, Jan 7, 2013 at 9:33 PM, John Vines <vines@apache.org> wrote:

> Anyone have any idea on this one? This not working sorta defeats the
> purpose of using LDAP as an authorization realm.
>
>
> On Fri, Dec 21, 2012 at 2:46 PM, John Vines <vines@apache.org> wrote:
>
>> So I was able to determine that subjectPrincipalName was not being set,
>> so adding that actually got the ldap query on line 174 to return something.
>> However, memberOf is not part of the result set. So it returns nothing.
>> However, I was able to query it successfully using ldp and see the memberOf
>> attribute ( http://i.imgur.com/yhN1t.png ). Any thoughts?
>>
>>
>> On Thu, Dec 20, 2012 at 9:59 PM, Les Hazlewood <lhazlewood@apache.org> wrote:
>>
>>> Hi John,
>>>
>>> Here's the part of code that does the ActiveDirectory role lookup:
>>>
>>>
>>> http://shiro.apache.org/static/current/xref/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html#136
>>>
>>> It uses the 'memberOf' attribute to determine Roles.
>>>
>>> HTH!
>>>
>>> --
>>> Les Hazlewood | @lhazlewood
>>> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>>> Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
>>>
>>> On Thu, Dec 20, 2012 at 4:57 PM, John Vines <vines@apache.org> wrote:
>>> > I will preface this with I am fairly green when it comes to LDAP and AD. The
>>> > ActiveDirectoryRealm.hasRole() call, does that work against a Role or a
>>> > Group? If the former, is there a way to do checks against Group membership
>>> > from SecurityManager? I'm having issues having hasRole work against an AD
>>> > instance and I find myself to be a bit stuck due to lack of knowledge of
>>> > both AD/LDAP and Shiro's role/permission support.
>>> >
>>> > Thanks
>>> > John
>>>
>>
>>
>
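
As an added example (not code from the thread or from Shiro itself), the following Java program resolves roles from an entry's memberOf values and shows that an entry returned without that attribute yields no roles, so every role check fails. The class name, the GROUP_ROLES map and the DNs are assumptions; the entries are constructed in memory with JNDI.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class MemberOfRoles {

    // Hypothetical mapping from AD group DNs to application role names.
    static final Map<String, String> GROUP_ROLES = Map.of(
        "CN=App Admins,OU=Groups,DC=example,DC=com", "admin",
        "CN=App Users,OU=Groups,DC=example,DC=com", "user");

    /** Resolves roles from one LDAP entry; an entry without memberOf yields no roles. */
    static Set<String> rolesFor(Attributes entry) throws NamingException {
        Set<String> roles = new LinkedHashSet<>();
        Attribute memberOf = entry.get("memberOf");
        if (memberOf == null) {
            // Fail closed, but record why: the attribute was not in the result set.
            System.err.println("memberOf missing from result; returned attributes: "
                + Collections.list(entry.getIDs()));
            return roles;
        }
        NamingEnumeration<?> groups = memberOf.getAll();
        while (groups.hasMore()) {
            String role = GROUP_ROLES.get(groups.next().toString());
            if (role != null) {
                roles.add(role); // groups with no mapping grant nothing
            }
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry that carries memberOf (one mapped group, one unmapped).
        Attributes withGroups = new BasicAttributes(true);
        withGroups.put("cn", "John Doe");
        Attribute memberOf = new BasicAttribute("memberOf");
        memberOf.add("CN=App Admins,OU=Groups,DC=example,DC=com");
        memberOf.add("CN=Printer Operators,OU=Groups,DC=example,DC=com");
        withGroups.put(memberOf);

        // Constructed entry for the case in the thread: user found, memberOf absent.
        Attributes withoutGroups = new BasicAttributes(true);
        withoutGroups.put("cn", "John Doe");

        // The same user passes the admin check only when memberOf was returned.
        System.out.println("with memberOf:    " + rolesFor(withGroups).contains("admin"));
        System.out.println("without memberOf: " + rolesFor(withoutGroups).contains("admin"));
    }
}
```

The diagnostic line lists which attributes the entry did carry, which separates "user not in the group" from "directory did not return memberOf" when a role check unexpectedly fails.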
