Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2007/12/21 17:28:43 UTC

[jira] Resolved: (JS2-836) Lookup of LDAP users per role using a role membership attribute on a user is broken

     [ https://issues.apache.org/jira/browse/JS2-836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma resolved JS2-836.
---------------------------

       Resolution: Fixed
    Fix Version/s: 2.2

Patch applied, thanks

> Lookup of LDAP users per role using a role membership attribute on a user is broken
> -----------------------------------------------------------------------------------
>
>                 Key: JS2-836
>                 URL: https://issues.apache.org/jira/browse/JS2-836
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1.3
>            Reporter: Dennis Dam
>            Assignee: Ate Douma
>            Priority: Minor
>             Fix For: 2.1.3, 2.2
>
>         Attachments: JS2-836.patch
>
>
> See the discussion on the Jetspeed user list starting on December 3rd, 2007: "Users and Roles definition with LDAP".
> The problem is that there is a conflict between how roles are assigned to users and the way users belonging to a specific role are found.
> When user-role membership attributes are used (i.e. you define in an attribute on the user which roles the user has; by default this is the 'j2-role' attribute), a role is assigned to a user using the role's DN, for example 'uid=someRole,ou=Roles,o=sevenSeas'. However, to look up the users for a role (using the user-role membership attribute), LdapMembershipDaoImpl.searchUsersFromRoleByUser(roleUid) is used, which constructs an LDAP query that searches for the role UID value in each user's role attribute. Hence, no users are found, because the role attributes on the users contain role DNs instead of UIDs.
> The reverse lookup, namely looking up which roles a user has, works, because the method assumes there can be *either* a role UID *or* a role DN in the role attribute of a user (see method LdapMembershipDaoImpl.searchRoleMemberShipByUser()).
> So basically, LdapMembershipDaoImpl.searchUsersFromRoleByUser(roleUid) should look for role DNs as well as UIDs.

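The mismatch described in the issue, modelled as an added example that is not Jetspeed's code: the "broken" filter searches the user-role attribute for the bare role UID, while Jetspeed stores the role's DN there, so the user assigned via DN is never found; the "fixed" filter accepts either form, as the reverse lookup already does. The role container DN, the user entries and the minimal exact-match filter evaluator are all constructed for this example, and role values are RFC 4515-escaped so a role name cannot change the filter's structure.

```python
import re

# Assumption: role container taken from the example DN in the issue report.
ROLE_BASE_DN = "ou=Roles,o=sevenSeas"
ROLE_ATTR = "j2-role"  # default user-role membership attribute named in the issue

# Constructed user entries (DN -> attribute name -> list of values).
# alice is assigned the role the way Jetspeed does it (by role DN);
# bob carries a bare role UID; carol belongs to a different role.
USERS = {
    "uid=alice,ou=People,o=sevenSeas": {ROLE_ATTR: ["uid=someRole,ou=Roles,o=sevenSeas"]},
    "uid=bob,ou=People,o=sevenSeas":   {ROLE_ATTR: ["someRole"]},
    "uid=carol,ou=People,o=sevenSeas": {ROLE_ATTR: ["uid=otherRole,ou=Roles,o=sevenSeas"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping: a role name from input cannot alter the filter shape."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def role_dn(role_uid):
    return f"uid={role_uid},{ROLE_BASE_DN}"

def users_from_role_filter_broken(role_uid):
    """Filter as the issue describes it: only a bare UID in the role attribute matches."""
    return f"({ROLE_ATTR}={escape_filter_value(role_uid)})"

def users_from_role_filter_fixed(role_uid):
    """Accept either the role UID or the role DN in the membership attribute."""
    return (f"(|({ROLE_ATTR}={escape_filter_value(role_uid)})"
            f"({ROLE_ATTR}={escape_filter_value(role_dn(role_uid))}))")

def matches(filt, attrs):
    """Minimal evaluator for the two filter shapes above (exact equality only)."""
    if filt.startswith("(|"):
        inner, terms, depth, start = filt[2:-1], [], 0, 0
        for i, ch in enumerate(inner):          # split the OR into its top-level terms
            depth += ch == "("
            if ch == "(" and depth == 1:
                start = i
            depth -= ch == ")"
            if ch == ")" and depth == 0:
                terms.append(inner[start:i + 1])
        return any(matches(t, attrs) for t in terms)
    attr, _, value = filt[1:-1].partition("=")  # split on the first '=' only; DNs contain more
    return unescape_filter_value(value) in attrs.get(attr, [])

def search_users(filt):
    """Return the DNs of constructed users matching the filter, sorted for stable output."""
    return sorted(dn for dn, attrs in USERS.items() if matches(filt, attrs))
```

Running `search_users(users_from_role_filter_broken("someRole"))` returns only bob, while the fixed filter returns alice and bob; a wildcard passed as the role name is escaped and matches nobody.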