You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2015/07/10 14:49:05 UTC
[jira] [Resolved] (ISIS-1162) For Shiro Realm,Make LDAP attributes
as permision generator
[ https://issues.apache.org/jira/browse/ISIS-1162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Haywood resolved ISIS-1162.
-------------------------------
Resolution: Fixed
> For Shiro Realm,Make LDAP attributes as permision generator
> -----------------------------------------------------------
>
> Key: ISIS-1162
> URL: https://issues.apache.org/jira/browse/ISIS-1162
> Project: Isis
> Issue Type: Improvement
> Components: Core: Security: Shiro
> Affects Versions: core-1.8.0
> Reporter: sebastien diaz
> Assignee: Dan Haywood
> Fix For: 1.9.0
>
>
> Add attribute for permission ldap extraction
> I propose new permisions creation from LDAP attribute
> Alternatively, permissions can be extracted from the base itself with the parameter searchUserBase,
> the attribute list as userExtractedAttribute and the permission url as permissionByUserAttribute.
> The idea is to extract attribute from the user or the group of the user and map directly to permission rule in replacing the string {attribute} by the extracted attribute (can me multiple).
> See the sample for group and user attribute and mapping:
> ldapRealm.searchUserBase = ou=users,o=mojo
> ldapRealm.userObjectClass=inetOrgPerson
> ldapRealm.userObjectClass=organizationnalPerson
> ldapRealm.groupExtractedAttribute=street,country
> ldapRealm.userExtractedAttribute=street,country
> ldapRealm.permissionByGroupAttribute=attribute:Folder.{street}:Read,attribute:Portfolio.{country}
> ldapRealm.permissionByUserAttribute=attribute:Folder.{street}:Read,attribute:Portfolio.{country}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)