Posted to users@cxf.apache.org by Matthew Broadhead <ma...@nbmlaw.co.uk> on 2017/10/04 07:41:33 UTC

fediz ldap configuration

Hi,

I have the Fediz LDAP configuration working with my own LDAP server but
I had to change my setup a little bit.

Originally the groups structure (e.g.
cn=user,ou=groups,dc=example,dc=com) had objectClass of
"groupOfUniqueNames" containing "uniquemember" elements. I had to change
it to "groupOfNames" containing "member" elements.

Is it possible to use the first structure? It seems that would offer
better data integrity by preventing duplicate entries?

Regards,
Matthew

Re: fediz ldap configuration

Posted by Matthew Broadhead <ma...@nbmlaw.co.uk>.
Hi Colm,
It might work with groupOfUniqueNames but in the current LDAP
configuration role doesn't map to "uniquemember".
I will try changing
services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml to see if that works:
<util:map>
...
    <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
           value="member" />
...
</util:map>

On 06/10/2017 19:04, Colm O hEigeartaigh wrote:
> Hi Matthew,
>
> Are you saying that Fediz would not work with groupOfUniqueNames?
>
> Colm.
>
> On Wed, Oct 4, 2017 at 8:41 AM, Matthew Broadhead <
> matthew.broadhead@nbmlaw.co.uk> wrote:
>
>> Hi,
>>
>> I have the Fediz LDAP configuration working with my own LDAP server but I
>> had to change my setup a little bit.
>>
>> Originally the groups structure (e.g. cn=user,ou=groups,dc=example,dc=com)
>> had objectClass of "groupOfUniqueNames" containing "uniquemember" elements.
>> I had to change it to "groupOfNames" containing "member" elements.
>>
>> Is it possible to use the first structure? It seems that would offer
>> better data integrity by preventing duplicate entries?
>>
>> Regards,
>> Matthew
>>
>
>


Re: fediz ldap configuration

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Matthew,

Are you saying that Fediz would not work with groupOfUniqueNames?

Colm.

On Wed, Oct 4, 2017 at 8:41 AM, Matthew Broadhead <
matthew.broadhead@nbmlaw.co.uk> wrote:

> Hi,
>
> I have the Fediz LDAP configuration working with my own LDAP server but I
> had to change my setup a little bit.
>
> Originally the groups structure (e.g. cn=user,ou=groups,dc=example,dc=com)
> had objectClass of "groupOfUniqueNames" containing "uniquemember" elements.
> I had to change it to "groupOfNames" containing "member" elements.
>
> Is it possible to use the first structure? It seems that would offer
> better data integrity by preventing duplicate entries?
>
> Regards,
> Matthew
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com