Posted to dev@juddi.apache.org by "Alex O'Ree (JIRA)" <ju...@ws.apache.org> on 2013/03/05 02:42:11 UTC

[jira] [Commented] (JUDDI-405) Improve LDAP integration

    [ https://issues.apache.org/jira/browse/JUDDI-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13592921#comment-13592921 ] 

Alex O'Ree commented on JUDDI-405:
----------------------------------

This problem is easily solvable with a container level authentication. Thankfully, OASIS solved that problem for us. Let me see if I understand this.
Consider the following LDAP user:
username=bob.smith
upn=bob.smith@mydomain.com
uid=bob.smith
dn=CN=bob smith, OU=users,DC=mydomain, DC=com
memberOf=CN=UDDI Publishers, OU=users, DC=mydomain, DC=com

Right now, we can only authenticate as "bob.smith"? And you want to be able to authenticate as any unique LDAP attribute? Or is the problem more of an authorization thing, meaning you want only users in the group "UDDI Publishers" to be able to publish?

                
> Improve LDAP integration
> ------------------------
>
>                 Key: JUDDI-405
>                 URL: https://issues.apache.org/jira/browse/JUDDI-405
>             Project: jUDDI
>          Issue Type: Bug
>    Affects Versions: 3.1.1
>            Reporter: Tom Cunningham
>            Assignee: Tom Cunningham
>             Fix For: 3.1.7
>
>
> The SimpleLDAPAuthenticator assumes that the SECURITY_PRINCIPAL is the same thing as the Publisher ID, which doesn't make much sense for LDAP. I think we should extend this a bit so that we get the uid out of LDAP and use that as the default mapping for the publisher ID - I think that makes a lot more sense and allows the user to send whatever bind name they want in for the get_auth_token username.
> Also, should look at the context connection again and see if we can persist this, although I had a lot of problems trying to get a reconnecting connection to work on OpenLDAP.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira