
List:       scout-dev
Subject:    [jira] [Comment Edited] (JUDDI-405) Improve LDAP integration
From:       "Alex O'Ree (JIRA)" <juddi-dev () ws ! apache ! org>
Date:       2013-05-30 23:07:20
Message-ID: JIRA.12468192.1277841816800.44007.1369955240655 () arcas


    [ https://issues.apache.org/jira/browse/JUDDI-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13592921#comment-13592921 ]

Alex O'Ree edited comment on JUDDI-405 at 5/30/13 11:06 PM:
------------------------------------------------------------

Consider the following ldap user
username=bob.smith
upn=bob.smith@mydomain.com
uid=bob.smith
dn=CN=bob smith, OU=users,DC=mydomain, DC=com
memberOf=CN=UDDI Publishers, OU=users, DC=mydomain, DC=com

Right now, we can only authenticate as "bob.smith"? And you want to be able to authenticate as any unique LDAP attribute? Or is the problem more of an authorization thing, meaning you want only users in the group "UDDI Publishers" to be able to publish?

                
      was (Author: spyhunter99):
    This problem is easily solvable with container-level authentication. Thankfully, OASIS solved that problem for us. Let me see if I understand this. Consider the following LDAP user
username=bob.smith
upn=bob.smith@mydomain.com
uid=bob.smith
dn=CN=bob smith, OU=users,DC=mydomain, DC=com
memberOf=CN=UDDI Publishers, OU=users, DC=mydomain, DC=com

Right now, we can only authenticate as "bob.smith"? And you want to be able to authenticate as any unique LDAP attribute? Or is the problem more of an authorization thing, meaning you want only users in the group "UDDI Publishers" to be able to publish?

                  
> Improve LDAP integration
> ------------------------
> 
> Key: JUDDI-405
> URL: https://issues.apache.org/jira/browse/JUDDI-405
> Project: jUDDI
> Issue Type: Bug
> Affects Versions: 3.1.1
> Reporter: Tom Cunningham
> Assignee: Tom Cunningham
> 
> The SimpleLDAPAuthenticator assumes that the SECURITY_PRINCIPAL is the same thing as the Publisher ID, which doesn't make much sense for LDAP. I think we should extend this a bit so that we get the uid out of LDAP and use that as the default mapping for the publisher ID - I think that makes a lot more sense and allows the user to send whatever bind name they want in for the get_auth_token username. Also, should look at the context connection again and see if we can persist this, although I had a lot of problems trying to get a reconnecting connection to work on OpenLDAP.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
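As an added illustration of the mapping discussed in this thread (example code added here, not jUDDI's own SimpleLDAPAuthenticator), the following Python resolves the publisher ID from the directory's uid rather than from whatever bind name the caller supplied, and answers the authorization question by checking memberOf against the publisher group DN. The in-memory directory, the group DN and all function names are constructed assumptions; a real deployment would obtain these attributes from an LDAP search after a successful bind. DNs are compared in normalized form because the sample DNs in the thread use inconsistent spacing around commas, which a naive string comparison would reject.

```python
# Added example, not jUDDI code: map any unique login form (uid, upn,
# sAMAccountName-style username, or full DN) to one publisher ID taken
# from the directory's uid, and decide publish rights from group membership.

# Constructed stand-in for the attributes an LDAP search would return.
DIRECTORY = [
    {"dn": "CN=bob smith, OU=users,DC=mydomain, DC=com",
     "username": "bob.smith", "upn": "bob.smith@mydomain.com", "uid": "bob.smith",
     "memberOf": ["CN=UDDI Publishers, OU=users, DC=mydomain, DC=com"]},
    {"dn": "CN=alice jones,OU=users,DC=mydomain,DC=com",
     "username": "alice.jones", "upn": "alice.jones@mydomain.com", "uid": "alice.jones",
     "memberOf": ["CN=Domain Users,OU=users,DC=mydomain,DC=com"]},
]

# Assumed group whose members are allowed to publish (from the thread's example).
PUBLISHER_GROUP = "CN=UDDI Publishers, OU=users, DC=mydomain, DC=com"


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN for comparison: split on unescaped commas, strip
    whitespace around each RDN, and lower-case attribute types and values
    (CN/OU/DC use case-insensitive matching rules)."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(out)


def find_entry(bind_name: str, directory=DIRECTORY):
    """Return the single entry whose dn, upn, uid or username equals bind_name.
    Zero or several matches means the name is not a usable login, so None."""
    is_dn = "=" in bind_name
    wanted = normalize_dn(bind_name) if is_dn else bind_name.lower()
    matches = []
    for entry in directory:
        candidates = {entry["upn"].lower(), entry["uid"].lower(),
                      entry["username"].lower(), normalize_dn(entry["dn"])}
        if wanted in candidates:
            matches.append(entry)
    return matches[0] if len(matches) == 1 else None


def publisher_id(bind_name: str, directory=DIRECTORY):
    """Publisher ID is the directory uid, independent of the bind form used."""
    entry = find_entry(bind_name, directory)
    return None if entry is None else entry["uid"]


def may_publish(bind_name: str, group_dn: str = PUBLISHER_GROUP, directory=DIRECTORY) -> bool:
    """Authorization: the resolved entry must list the publisher group in memberOf."""
    entry = find_entry(bind_name, directory)
    if entry is None:
        return False
    target = normalize_dn(group_dn)
    return any(normalize_dn(g) == target for g in entry["memberOf"])


if __name__ == "__main__":
    for login in ("bob.smith", "bob.smith@mydomain.com",
                  "cn=Bob Smith,ou=Users,dc=mydomain,dc=com", "alice.jones", "nobody"):
        print(f"{login!r:45} -> publisher={publisher_id(login)!r} "
              f"may_publish={may_publish(login)}")
```

With this shape, three different bind names for the same account all yield the publisher ID "bob.smith", so records published under one login remain owned by the same publisher, while the group check keeps authentication and authorization as separate decisions.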


