You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Daniil Kirilyuk (Jira)" <ji...@apache.org> on 2023/02/21 14:16:00 UTC

[jira] [Updated] (QPID-8625) [Broker-J] ACL rules require full DN when using LDAP authentication

     [ https://issues.apache.org/jira/browse/QPID-8625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniil Kirilyuk updated QPID-8625:
----------------------------------
    Description: 
Currently a reference to a LDAP user in ACL rules requires full DN, e.g.:
{code:java}
ACL ALLOW "cn=danlangford,ou=000,ou=People,o=MyEnterprise" ALL {code}
It would be beneficial to allow usage of a CN instead:
{code:java}
ACL ALLOW "cn=danlangford" ALL {code}
or
{code:java}
ACL ALLOW danlangford ALL {code}

  was:
Currently a reference to a LDAP user in ACL rules requires full DN, e.g.:

 
{code:java}
ACL ALLOW "cn=danlangford,ou=000,ou=People,o=MyEnterprise" ALL {code}
It would be beneficial to allow usage of a CN instead:

 

 
{code:java}
ACL ALLOW "cn=danlangford" ALL {code}
or

 
{code:java}
ACL ALLOW danlangford ALL {code}


> [Broker-J] ACL rules require full DN when using LDAP authentication
> -------------------------------------------------------------------
>
>                 Key: QPID-8625
>                 URL: https://issues.apache.org/jira/browse/QPID-8625
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-9.0.0
>            Reporter: Daniil Kirilyuk
>            Priority: Minor
>             Fix For: qpid-java-broker-9.0.1
>
>
> Currently a reference to a LDAP user in ACL rules requires full DN, e.g.:
> {code:java}
> ACL ALLOW "cn=danlangford,ou=000,ou=People,o=MyEnterprise" ALL {code}
> It would be beneficial to allow usage of a CN instead:
> {code:java}
> ACL ALLOW "cn=danlangford" ALL {code}
> or
> {code:java}
> ACL ALLOW danlangford ALL {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org