Repository: karaf Updated Branches: refs/heads/karaf-2.3.x ffe1e2601 -> 46b12f465 refs/heads/karaf-3.0.x 517ac1325 -> c806614f5 refs/heads/master e327f89dc -> b004bbfd5
KARAF-3105 - consolidate fqdn and nsdn as they are equivalent Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/46b12f46 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/46b12f46 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/46b12f46 Branch: refs/heads/karaf-2.3.x Commit: 46b12f465d13381803ede847649aa2ec07e6ee92 Parents: ffe1e26 Author: Jonathan Anstey <[email protected]> Authored: Thu Mar 5 12:48:43 2015 -0330 Committer: Jonathan Anstey <[email protected]> Committed: Thu Mar 5 12:48:43 2015 -0330 ---------------------------------------------------------------------- .../java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java | 3 +-- manual/src/main/webapp/developers-guide/security-framework.conf | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/46b12f46/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java ---------------------------------------------------------------------- diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java index ba2ed65..cd0293d 100644 --- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java +++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java @@ -325,8 +325,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule { logger.debug(" base DN: " + roleBaseDN); roleFilter = roleFilter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user)); roleFilter = roleFilter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDN)); - roleFilter = roleFilter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDN + "," + userBaseDN)); - roleFilter = roleFilter.replaceAll(Pattern.quote("%nsdn"), Matcher.quoteReplacement(userDNNamespace)); + roleFilter = roleFilter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDNNamespace)); roleFilter = roleFilter.replace("\\", "\\\\"); logger.debug(" filter: " + roleFilter); NamingEnumeration namingEnumeration = context.search(roleBaseDN, roleFilter, controls); http://git-wip-us.apache.org/repos/asf/karaf/blob/46b12f46/manual/src/main/webapp/developers-guide/security-framework.conf ---------------------------------------------------------------------- diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf index 6e15be5..e0305ed 100644 --- a/manual/src/main/webapp/developers-guide/security-framework.conf +++ b/manual/src/main/webapp/developers-guide/security-framework.conf @@ -372,8 +372,7 @@ The LDAPLoginModule supports the following patterns that you can use in the filt * {{%u}} is replaced by the user * {{%dn}} is replaced by the user DN -* {{%fqdn}} is replaced by the user full qualified DN ({{userDN,userBaseDN}}). -* {{%nsdn}} is replaced by the userDNNamespace (interesting especially for ActiveDirectory). +* {{%fqdn}} is replaced by the user full qualified DN ({{userDNNamespace}}). NB: the LDAPLoginModule doesn't provide backend engine. It means that the administration of the users and roles should be performed directly on the LDAP backend.
