Posted to users@directory.apache.org by Carl Myers <cm...@palantirtech.com> on 2010/03/11 20:16:23 UTC
Nested Groups and the Atlassian Crowd Connector
Hey all,
I am having some trouble with nested groups. My application makes a
call to crowd (1.6.1), which then connects to ApacheDS 1.5.5 using the
ApacheDS15 connector.
The actual call made by my app is:
com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider.authenticate(Authentication a)
The groups it gets back contain some, but not all, nested groups. I
think this is a bug in either their connector or their spring security
code. I know you guys are NOT Atlassian support, I have already filed a
bug on them to try and get this answered, but in the meantime, I was
thinking about what workarounds might be possible.
One workaround that occurred to me is: Can ApacheDS be configured to
automatically flatten nested groups, and always return transitive members?
This would be a "quick but dirty fix" for my problem, but I'd take what
I could get.
Thanks!
--
Carl Myers
Palantir Technologies | Internal Tools Software Engineer
cmyers@palantirtech.com
Re: Nested Groups and the Atlassian Crowd Connector
Posted by Alex Karasulu <ak...@gmail.com>.
We could write a stored procedure and interceptor to do this I think.
But it takes time and work :)
On Fri, Mar 12, 2010 at 9:31 AM, Stefan Zoerner <st...@labeo.de> wrote:
> Hi Carl!
>
> Carl Myers wrote:
>>
>> One workaround that occurred to me is: Can ApacheDS be configured to
>> automatically flatten nested groups, and always return transitive members?
>
> I assume no. At least it is not easy, to accomplish this task. A directory
> does not know, what nested groups are. It does not know, what groups are.
> For the directory they are simply entries. Nested groups are detected by
> performing several search requests as described here:
>
> http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best-practices-200210.htm#_memberOf_Algorithm
>
> Either the Crowd code contains an error, or it has problems with your data
> (which might be an error as well). Is it possible to configure a depth for
> the searches? Strange thing, that some nested groups are resolved, some are
> not ...
>
> Anyway. From an ApacheDS point of view, it would be possible to implement an
> interceptor which detects (and returns) all nested groups a user belongs to,
> if a specific search op is sent to the server.
>
> But this would be custom application development, not a quick workaround.
>
> Greetings from Hamburg,
> StefanZ
>
>
--
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
Re: Nested Groups and the Atlassian Crowd Connector
Posted by Stefan Zoerner <st...@labeo.de>.
Hi Carl!
Carl Myers wrote:
> One workaround that occurred to me is: Can ApacheDS be configured to
> automatically flatten nested groups, and always return transitive members?
I assume no. At least it is not easy, to accomplish this task. A
directory does not know, what nested groups are. It does not know, what
groups are. For the directory they are simply entries. Nested groups are
detected by performing several search requests as described here:
http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best-practices-200210.htm#_memberOf_Algorithm
Either the Crowd code contains an error, or it has problems with your
data (which might be an error as well). Is it possible to configure a
depth for the searches? Strange thing, that some nested groups are
resolved, some are not ...
Anyway. From an ApacheDS point of view, it would be possible to
implement an interceptor which detects (and returns) all nested groups a
user belongs to, if a specific search op is sent to the server.
But this would be custom application development, not a quick workaround.
Greetings from Hamburg,
StefanZ
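
The repeated-search approach described above, as an added example that is not part of the original thread and is not Crowd or ApacheDS code: a client-side resolver that walks "which groups list this DN as a member" until no new groups appear, with cycle protection and an optional depth cap that shows how a limit returns some but not all nested groups. The directory contents, DNs and function names are constructed for illustration, and the dictionary lookup stands in for an LDAP search with a (member=<dn>) filter.

```python
from collections import deque

def norm(dn):
    """Crude DN normalisation for comparison: lower-case, no space after commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

# Constructed sample data: group DN -> DNs listed in its 'member' attribute.
DIRECTORY = {
    "cn=devs,ou=groups,dc=example,dc=com": [
        "uid=jdoe,ou=people,dc=example,dc=com",
        "cn=staff,ou=groups,dc=example,dc=com",      # creates a membership cycle
    ],
    "cn=engineering,ou=groups,dc=example,dc=com": [
        "CN=devs, ou=groups, dc=example, dc=com",    # same DN, different spelling
    ],
    "cn=staff,ou=groups,dc=example,dc=com": [
        "cn=engineering,ou=groups,dc=example,dc=com",
    ],
    "cn=admins,ou=groups,dc=example,dc=com": [
        "uid=other,ou=people,dc=example,dc=com",
    ],
}

def groups_containing(directory, dn):
    """Stand-in for one LDAP search: groups whose member attribute holds dn."""
    target = norm(dn)
    return [norm(group) for group, members in directory.items()
            if target in {norm(m) for m in members}]

def resolve_groups(directory, user_dn, max_depth=None):
    """Return every group the user belongs to, directly or through nesting.

    max_depth=None follows nesting to the end; max_depth=N stops after N
    levels, which silently drops deeper groups.
    """
    seen = set()                          # groups already found (breaks cycles)
    queue = deque([(norm(user_dn), 0)])   # (DN to search for, nesting level)
    while queue:
        dn, depth = queue.popleft()
        if max_depth is not None and depth >= max_depth:
            continue
        for group in groups_containing(directory, dn):
            if group not in seen:
                seen.add(group)
                queue.append((group, depth + 1))
    return seen

if __name__ == "__main__":
    user = "uid=jdoe,ou=people,dc=example,dc=com"
    print(sorted(resolve_groups(DIRECTORY, user)))
    print(sorted(resolve_groups(DIRECTORY, user, max_depth=2)))
```

When group membership drives authorization, a depth cap or inconsistent DN comparison in the resolver changes what a user is allowed to do, so comparing the resolver's output against a full walk like this one is a quick way to spot missing groups.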