You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Kurt Westerfeld (JIRA)" <ji...@apache.org> on 2011/05/02 04:34:03 UTC
[jira] [Created] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
----------------------------------------------------------------------
Key: KARAF-606
URL: https://issues.apache.org/jira/browse/KARAF-606
Project: Karaf
Issue Type: Improvement
Components: runtime
Affects Versions: 2.2.0
Environment: Windows/any
Reporter: Kurt Westerfeld
The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Attachment: KARAF-606.patch
Patch to special-case "dn" attribute during search processing.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (KARAF-606) JAAS: Allow LDAPLoginModule to
supply role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (Commented JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13163625#comment-13163625 ]
Jean-Baptiste Onofré commented on KARAF-606:
--------------------------------------------
Fixed on karaf-2.2.x: revision 1210938.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 2.2.5, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (Resolved JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved KARAF-606.
----------------------------------------
Resolution: Fixed
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.5, 3.0.0, 2.2.1
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (Updated JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-606:
---------------------------------------
Fix Version/s: 2.2.5
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 2.2.5, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (KARAF-606) JAAS: Allow LDAPLoginModule to
supply role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13027533#comment-13027533 ]
Kurt Westerfeld commented on KARAF-606:
---------------------------------------
Just a note on why we need this improvement.
In our application, we actually have areas of code which refer to external LDAP groups for fine-grained authorization support. For our application to use JAAS properly, we want to have access to the user's group memberships and tie the actual group's DN to ACLs. We would like to use the LDAPLoginModule to support this use-case.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Comment: was deleted
(was: Patch to special-case "dn" attribute during search processing.)
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Attachment: (was: KARAF-606.patch)
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (KARAF-606) JAAS: Allow LDAPLoginModule to
supply role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (Commented JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13162818#comment-13162818 ]
Jean-Baptiste Onofré commented on KARAF-606:
--------------------------------------------
Thanks for the update Guillaume, I fix it.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Comment: was deleted
(was: Patch to special-case "dn" attribute during search processing. )
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-606:
---------------------------------------
Fix Version/s: 3.0.0
2.2.1
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Attachment: KARAF-606.patch
Patch to handle non-default attributes by using SearchControls.setReturningAttributes() and supplying "roleNameAttribute" explicitly.
This allows any non-default (ie. computed, synthetic) LDAP attribute to be retrieved.
Previous version depended on the attribute being sent back as a result of the query. This change makes the attribute requirement explicit.
To retrieve the distinguished name, the configuration must specify "entryDN" or "distinguishedName", depending on the directory implementation.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Guillaume Nodet (Reopened) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guillaume Nodet reopened KARAF-606:
-----------------------------------
The roleNameAttribute is now mandatory but should stay optional.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Attachment: KARAF-606.patch
Patch to special-case "dn" attribute during search processing.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (KARAF-606) JAAS: Allow LDAPLoginModule to
supply role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (Commented JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13163619#comment-13163619 ]
Jean-Baptiste Onofré commented on KARAF-606:
--------------------------------------------
Fixed on trunk: revision 1210932.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 2.2.5, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré reassigned KARAF-606:
------------------------------------------
Assignee: Jean-Baptiste Onofré
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved KARAF-606.
----------------------------------------
Resolution: Fixed
Fix on trunk: revision 1099702.
Fix on karaf-2.2.x: revision 1099704.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Jamie goodyear (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jamie goodyear closed KARAF-606.
--------------------------------
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 2.2.5, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Work started] (KARAF-606) JAAS: Allow LDAPLoginModule to
supply role "DN" from LDAP group search
Posted by "Jean-Baptiste Onofré (Work started JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on KARAF-606 started by Jean-Baptiste Onofré.
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-core
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
> Assignee: Jean-Baptiste Onofré
> Fix For: 2.2.1, 3.0.0
>
> Attachments: KARAF-606.patch
>
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (KARAF-606) JAAS: Allow LDAPLoginModule to supply
role "DN" from LDAP group search
Posted by "Kurt Westerfeld (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KARAF-606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Westerfeld updated KARAF-606:
----------------------------------
Attachment: (was: KARAF-606.patch)
> JAAS: Allow LDAPLoginModule to supply role "DN" from LDAP group search
> ----------------------------------------------------------------------
>
> Key: KARAF-606
> URL: https://issues.apache.org/jira/browse/KARAF-606
> Project: Karaf
> Issue Type: Improvement
> Components: runtime
> Affects Versions: 2.2.0
> Environment: Windows/any
> Reporter: Kurt Westerfeld
>
> The LDAPLoginModule has the ability to supply a configuration variable (role.name.attribute) to use when creating a role. This value can be changed from "cn" to any of a number LDAP attributes. However it cannot access the actual distinguished name of the queried groups while processing a login, as "dn" or "distinguishedName", "entryDN", etc., are not universally supported across LDAP implementations as an attribute.
> Proposal to special case "dn" and use javax.naming.directory.SearchResult.getNameInNamespace(), which returns the dn of the found groups when converting to a role.
> This is a very small change; will provide a patch.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira