List: scout-dev
Subject: [jira] [Comment Edited] (JUDDI-405) Improve LDAP integration
From: "Alex O'Ree (JIRA)" <juddi-dev () ws ! apache ! org>
Date: 2013-05-30 23:07:20
Message-ID: JIRA.12468192.1277841816800.44007.1369955240655 () arcas
[ https://issues.apache.org/jira/browse/JUDDI-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13592921#comment-13592921 ]
Alex O'Ree edited comment on JUDDI-405 at 5/30/13 11:06 PM:
------------------------------------------------------------
Consider the following ldap user
username=bob.smith
upn=bob.smith@mydomain.com
uid=bob.smith
dn=CN=bob smith, OU=users,DC=mydomain, DC=com
memberOf=CN=UDDI Publishers, OU=users, DC=mydomain, DC=com
Right now, we can only authenticate as "bob.smith"? and you want to be able to authenticate as any unique ldap attribute? Or is the problem more of an authorization thing, meaning you want only users in the group "UDDI Publishers" to be able to publish?
was (Author: spyhunter99):
This problem is easily solvable with a container level authentication. Thankfully, OASIS solved that problem for us. Let me see if I understand this.
Consider the following ldap user
username=bob.smith
upn=bob.smith@mydomain.com
uid=bob.smith
dn=CN=bob smith, OU=users,DC=mydomain, DC=com
memberOf=CN=UDDI Publishers, OU=users, DC=mydomain, DC=com
Right now, we can only authenticate as "bob.smith"? and you want to be able to authenticate as any unique ldap attribute? Or is the problem more of an authorization thing, meaning you want only users in the group "UDDI Publishers" to be able to publish?
> Improve LDAP integration
> ------------------------
>
> Key: JUDDI-405
> URL: https://issues.apache.org/jira/browse/JUDDI-405
> Project: jUDDI
> Issue Type: Bug
> Affects Versions: 3.1.1
> Reporter: Tom Cunningham
> Assignee: Tom Cunningham
>
> The SimpleLDAPAuthenticator assumes that the SECURITY_PRINCIPAL is the same thing as the Publisher ID, which doesn't make much sense for LDAP. I think we should extend this a bit so that we get the uid out of LDAP and use that as the default mapping for the publisher ID - I think that makes a lot more sense and allows the user to send whatever bind name they want in for the get_auth_token username. Also, should look at the context connection again and see if we can persist this, although I had a lot of problems trying to get a reconnecting connection to work on OpenLDAP.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
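An added example (written for this archive page, not jUDDI's own SimpleLDAPAuthenticator) of the mapping the report proposes and the authorization question the comment raises: bind with whatever name the caller sends, resolve that name to exactly one entry, use the entry's uid as the publisher ID, and admit only members of the "UDDI Publishers" group. The class and method names, the JNDI setup, and the Active Directory attribute names userPrincipalName, sAMAccountName and distinguishedName (standing in for the upn, username and dn shown in the comment) are assumptions; on OpenLDAP the AD-only attribute simply evaluates false inside the OR filter.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

public class UidMappingLdapAuthenticator {   // assumed name, not a jUDDI class
    private final String providerUrl, baseDn;
    private final LdapName publisherGroup;   // e.g. CN=UDDI Publishers,OU=users,DC=mydomain,DC=com
    public UidMappingLdapAuthenticator(String providerUrl, String baseDn, String groupDn) throws InvalidNameException {
        this.providerUrl = providerUrl;
        this.baseDn = baseDn;
        this.publisherGroup = new LdapName(groupDn);
    }

    /** Binds as bindName and returns the entry's uid as the publisher ID, or throws. */
    public String authenticate(String bindName, String password) throws NamingException {
        // A simple bind with an empty password is an anonymous bind and would "succeed"
        if (password == null || password.isEmpty()) throw new AuthenticationException("empty password");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindName); // DN, UPN or uid: whatever the server accepts
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env);   // throws AuthenticationException on bad credentials
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"uid", "memberOf"});
            // JNDI escapes the {0} argument, so filter metacharacters in bindName cannot change the query
            String filter = "(|(uid={0})(userPrincipalName={0})(sAMAccountName={0})(distinguishedName={0}))";
            NamingEnumeration<SearchResult> hits = ctx.search(baseDn, filter, new Object[] {bindName}, sc);
            if (!hits.hasMore()) throw new AuthenticationException("no entry matches " + bindName);
            Attributes attrs = hits.next().getAttributes();
            if (hits.hasMore()) throw new AuthenticationException("bind name is not unique");
            Attribute uid = attrs.get("uid");
            if (uid == null) throw new AuthenticationException("entry has no uid");
            if (!isPublisher(attrs.get("memberOf"))) throw new NoPermissionException("not a UDDI publisher");
            return (String) uid.get();                 // the publisher ID, independent of how the user bound
        } finally {
            ctx.close();
        }
    }

    private boolean isPublisher(Attribute memberOf) throws NamingException {
        if (memberOf == null) return false;
        for (NamingEnumeration<?> g = memberOf.getAll(); g.hasMore();) {
            if (publisherGroup.equals(new LdapName((String) g.next()))) return true; // DN-aware compare
        }
        return false;
    }
}
```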