You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Merve Temizer <me...@gmail.com> on 2012/09/04 10:41:28 UTC
Suborganizations and Unique id
Hello,
I can succesfully authenticate my application with ApacheDS
But know i use only one domain.
I want to add subdomains or sub organizations under root domain.
For example a root organization as
dc=example,dc=com
and sub organizations dc=x
another sub organization dc=y
Now i can authenticate users using uid attribute
like:
user-search-filter="(uid={0})"
i use login name like user1, without a @ postfix
But i want to have suborganizations and i want to use user1@x.example.com
Is it possible and how?
My application is a spring application but i think subject is independent
from my application side.
Re: Suborganizations and Unique id
Posted by Linus van Geuns <li...@vangeuns.name>.
Hey,
On Tue, Sep 4, 2012 at 10:41 AM, Merve Temizer <me...@gmail.com> wrote:
> Hello,
>
> I can succesfully authenticate my application with ApacheDS
>
> But know i use only one domain.
>
> I want to add subdomains or sub organizations under root domain.
>
> For example a root organization as
>
> dc=example,dc=com
>
> and sub organizations dc=x
>
> another sub organization dc=y
>
> Now i can authenticate users using uid attribute
>
> like:
>
> user-search-filter="(uid={0})"
>
> i use login name like user1, without a @ postfix
>
> But i want to have suborganizations and i want to use user1@x.example.com
>
> Is it possible and how?
>
> My application is a spring application but i think subject is independent
> from my application side.
In general, the most flexible solution would be to rebuild the domain
structure within your DIT and place the user/account objects within
their domain.
This would require your application to either (a) build the search
base DN (baseObject) from the users domain/realm or (b) search for the
domain name (subsequent searches for each label) within your DIT to
get the search base to find the corresponding user/account object.
A solution that would be less complex for the application(s) to handle
is to build aliases using "$user@$domain" to find the corresponding
user/account object.
Regards, Linus