You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Merve Temizer <me...@gmail.com> on 2012/09/04 10:41:28 UTC

Suborganizations and Unique id

Hello,

I can succesfully authenticate my application with ApacheDS

But know i use only one domain.

I want to add subdomains or sub organizations under root domain.

For example a root organization as

dc=example,dc=com

and sub organizations dc=x

another sub organization dc=y

Now i can authenticate users using uid attribute

like:

user-search-filter="(uid={0})"

i use login name like user1, without a @ postfix

But i want to have suborganizations and i want to use user1@x.example.com

Is it possible and how?

My application is a spring application but i think subject is independent
from my application side.

Re: Suborganizations and Unique id

Posted by Linus van Geuns <li...@vangeuns.name>.

Hey,

On Tue, Sep 4, 2012 at 10:41 AM, Merve Temizer <me...@gmail.com> wrote:
> Hello,
>
> I can succesfully authenticate my application with ApacheDS
>
> But know i use only one domain.
>
> I want to add subdomains or sub organizations under root domain.
>
> For example a root organization as
>
> dc=example,dc=com
>
> and sub organizations dc=x
>
> another sub organization dc=y
>
> Now i can authenticate users using uid attribute
>
> like:
>
> user-search-filter="(uid={0})"
>
> i use login name like user1, without a @ postfix
>
> But i want to have suborganizations and i want to use user1@x.example.com
>
> Is it possible and how?
>
> My application is a spring application but i think subject is independent
> from my application side.

In general, the most flexible solution would be to rebuild the domain
structure within your DIT and place the user/account objects within
their domain.
This would require your application to either (a) build the search
base DN (baseObject) from the users domain/realm or (b) search for the
domain name (subsequent searches for each label) within your DIT to
get the search base to find the corresponding user/account object.

A solution that would be less complex for the application(s) to handle
is to build aliases using "$user@$domain" to find the corresponding
user/account object.

Regards, Linus