Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2015/04/30 17:42:06 UTC
[jira] [Updated] (CXF-6303) Multi Group and User BaseDN Support for LdapGroupClaimsHandler
[ https://issues.apache.org/jira/browse/CXF-6303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp updated CXF-6303:
-----------------------------
    Fix Version/s: (was: 3.0.5)
                   (was: 2.7.16)
                   (was: 3.1.0)
> Multi Group and User BaseDN Support for LdapGroupClaimsHandler
> --------------------------------------------------------------
>
> Key: CXF-6303
> URL: https://issues.apache.org/jira/browse/CXF-6303
> Project: CXF
> Issue Type: Improvement
> Components: STS
> Affects Versions: 3.1.0, 2.7.16, 3.0.5
> Reporter: Christian Schmülling
> Assignee: Colm O hEigeartaigh
> Labels: Claim, STS
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> The current implementation of the LdapGroupClaimsHandler only allows defining a single DN for your group and user search base. In cases when groups and users are spread across multiple OUs which do not share a common OU, it is not possible to collect claims for all the users.
> Sample:
> CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM
> CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM
> Setting the "groupBaseDN" to "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" would mean that roles for Bob could not be resolved.
> My proposal is to add properties "groupBaseDNs" and "userBaseDNs" to the LdapGroupClaimsHandler containing a List<String> of groupBaseDN and userBaseDN.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
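
The scoping problem described in the issue, as an added example that is not CXF code and not part of the original message: an in-memory stand-in for a subtree search shows Bob's group lookup coming back empty with the single Internal-Group base and resolving once a list of base DNs is searched. The class and method names, Bob's and Alice's DNs, and the group memberships are assumptions constructed for the illustration; only the two group DNs come from the issue.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class MultiBaseDnGroupLookup {
    // Constructed sample data: user DNs and memberships are assumptions, group DNs are from the issue.
    static final String BOB = "CN=bob,OU=Users,DC=MY,DC=DOMAIN,DC=COM";
    static final String ALICE = "CN=alice,OU=Users,DC=MY,DC=DOMAIN,DC=COM";
    static final Map<String, List<String>> GROUPS = new LinkedHashMap<>();
    static {
        GROUPS.put("CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM", List.of(ALICE));
        GROUPS.put("CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM", List.of(BOB));
    }

    // Stand-in for one subtree-scope search: a group matches only if its DN lies
    // under baseDn and it lists memberDn. LdapName compares RDNs case-insensitively
    // and handles escaped commas, which plain String.endsWith would get wrong.
    static List<String> searchGroups(String baseDn, String memberDn) throws InvalidNameException {
        LdapName base = new LdapName(baseDn);
        LdapName member = new LdapName(memberDn);
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, List<String>> group : GROUPS.entrySet()) {
            if (!new LdapName(group.getKey()).startsWith(base)) {
                continue; // outside the search base, so never seen by this search
            }
            for (String m : group.getValue()) {
                if (new LdapName(m).equals(member)) { hits.add(group.getKey()); break; }
            }
        }
        return hits;
    }

    // One search per configured base; the set removes duplicates that appear
    // when bases overlap or the same base is listed twice.
    static Set<String> groupsFor(List<String> groupBaseDNs, String memberDn) throws InvalidNameException {
        Set<String> result = new LinkedHashSet<>();
        for (String base : groupBaseDNs) {
            result.addAll(searchGroups(base, memberDn));
        }
        return result;
    }

    public static void main(String[] args) throws InvalidNameException {
        String internal = "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM";
        String external = "ou=external-group,dc=my,dc=domain,dc=com"; // case differs on purpose
        System.out.println("single base: " + groupsFor(List.of(internal), BOB));
        System.out.println("both bases:  " + groupsFor(List.of(internal, external, external), BOB));
    }
}
```

Listing the two OUs keeps the search confined to them, whereas a single base at DC=MY,DC=DOMAIN,DC=COM would also turn any matching group elsewhere in the tree into a claim.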