You are correct, the directory structure does not follow that particular convention.
I'm guessing that whatever tool you use to manage users in ldap would also have to ensure that data stays synched between the two trees, or else you'd quickly have a mess on your hands. I'll check into it, thanks for the tip. I've updated my walkthrough... basically just the "Oh really" section. Thanks Again, Daniel On Mon, Aug 30, 2010 at 11:36 AM, Marvin Addison <[email protected]> wrote: >> It looks like group info in ldap is not stored as an attribute of the user >> entry. It is stored with the group entry, and looked up with an additional >> ldap query. I wasn't able to see LdapPersonAttributeDao doing that > > You're right that LdapPersonAttributeDao expects to perform a single > query for attributes on the user entry. I'm curious about your > directory structure where group information isn't attached to the > user. It's pretty common, although by no means a standard, to have a > member attribute or similar that lists all the groups of which the > user is a member. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
