You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2015/04/30 17:42:06 UTC

[jira] [Updated] (CXF-6303) Multi Group and User BaseDN Support for LdapGroupClaimsHandler

     [ https://issues.apache.org/jira/browse/CXF-6303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp updated CXF-6303:
-----------------------------
    Fix Version/s:     (was: 3.0.5)
                       (was: 2.7.16)
                       (was: 3.1.0)

> Multi Group and User BaseDN Support for LdapGroupClaimsHandler
> --------------------------------------------------------------
>
>                 Key: CXF-6303
>                 URL: https://issues.apache.org/jira/browse/CXF-6303
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 3.1.0, 2.7.16, 3.0.5
>            Reporter: Christian Schmülling
>            Assignee: Colm O hEigeartaigh
>              Labels: Claim, STS
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> The current implementation of the LdapGroupClaimsHandler only allows to define a single DN for your group and user search base. In cases when groups and users are spread in multiple OUs which do not share a common OU, it is not possible to collect claims for all the users.
> Sample:
> CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM
> CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM
> Setting the "groupBaseDN" to "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" would cause that roles for Bob could not be resolved.
> My proposal is to add properties "groupBaseDNs" and "userBaseDNs" to the LdapGroupClaimsHandler containing a List<String> of groupBaseDN and userBaseDN. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)