[
https://issues.apache.org/jira/browse/OODT-233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris A. Mattmann resolved OODT-233.
------------------------------------
Resolution: Won't Fix
Never implemented, so must not be high priority.
> allow users to (optionally) specify search directory when finding groups for
> username
> -------------------------------------------------------------------------------------
>
> Key: OODT-233
> URL: https://issues.apache.org/jira/browse/OODT-233
> Project: OODT
> Issue Type: Improvement
> Components: single sign on
> Environment: from JPL internal JIRA
> Reporter: Andrew Hart
> Fix For: 0.11
>
>
> The SingleSignOn (security) library defines a function:
> {code:title=SingleSignOn.php|borderStyle=solid}
> retrieveGroupsForUser($username) {...}
> {code}
> which connects to the LDAP server and attempts to identify all groups the
> provided username belongs to by executing the following filter:
> {code}
> $filter = "(&(objectClass=groupOfUniqueNames)"
> ."(uniqueMember=uid={$username}," . SSO_BASE_DN . "))";
> $result = ldap_search($ldapconn,SSO_BASE_DN,$filter,array('cn'));
> {code}
> This update proposes to allow a user to optionally specify a search directory
> other than the SSO_BASE_DN to use when searching for groups.
> By updating the method signature to optionally accept a search directory
> (defaulting to SSO_BASE_DN if none is provided), we can support a wider array
> of directory layouts with no impact to the default behavior:
> {code:title=SingleSignOn.php|borderStyle=solid}
> retrieveGroupsForUser($username,$searchDirectory = SSO_BASE_DN) {...}
> {code}
> The filter code would be updated to use the provided search directory:
> {code}
> $filter = "(&(objectClass=groupOfUniqueNames)"
> ."(uniqueMember=uid={$username}," . SSO_BASE_DN . "))";
> $result = ldap_search($ldapconn,$searchDirectory,$filter,array('cn'));
> {code}
> Existing implementations would not require any modification to their code,
> because the function continues to use SSO_BASE_DN unless a second argument is
> explicitly provided:
> {code}
> $groups = $sso->retrieveGroupsForUser($sso->getCurrentUsername());
> {code}
> Providing a fully qualified DN as a second argument modifies the "top-level"
> directory used in the search:
> {code}
> $groups =
> $sso->retrieveGroupsForUser($sso->getCurrentUsername(),SSO_GROUPS_DN);
> {code}
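The proposal in the quoted issue, as an added example that is not part of the issue or of OODT's SingleSignOn.php: a stand-alone form of the function with the optional search directory, where the username is escaped before it is placed in the filter (the snippets in the issue interpolate it as-is). The `$ldapconn` parameter, the `buildGroupFilter()` helper, the `SSO_BASE_DN` value and the use of `ldap_escape()` (PHP 5.6 or later with the ldap extension) are assumptions of this example.

```php
<?php
// Added example, not OODT code. SSO_BASE_DN below is a constructed placeholder.
if (!defined('SSO_BASE_DN')) {
    define('SSO_BASE_DN', 'ou=people,dc=example,dc=org');
}

/**
 * Hypothetical helper: build the group-membership filter from the issue.
 * The username is escaped as a DN attribute value first, then the assembled
 * member DN is escaped as a filter assertion value, so characters such as
 * '*', '(', ')' and '\' cannot change the structure of the filter.
 */
function buildGroupFilter($username, $userBaseDn = SSO_BASE_DN)
{
    $rdnValue = ldap_escape($username, '', LDAP_ESCAPE_DN);
    $memberDn = 'uid=' . $rdnValue . ',' . $userBaseDn;
    return '(&(objectClass=groupOfUniqueNames)(uniqueMember='
        . ldap_escape($memberDn, '', LDAP_ESCAPE_FILTER) . '))';
}

/**
 * Stand-alone form of the proposed signature. Only the search base is
 * optional; as in the issue, the member DN is still built under SSO_BASE_DN.
 */
function retrieveGroupsForUser($ldapconn, $username, $searchDirectory = SSO_BASE_DN)
{
    $filter = buildGroupFilter($username);
    $result = ldap_search($ldapconn, $searchDirectory, $filter, array('cn'));
    if ($result === false) {
        return array(); // search failed: report no groups rather than guessing
    }
    $groups  = array();
    $entries = ldap_get_entries($ldapconn, $result);
    for ($i = 0; $i < $entries['count']; $i++) {
        $groups[] = $entries[$i]['cn'][0];
    }
    return $groups;
}

// Constructed inputs: an ordinary uid and one containing filter metacharacters.
// Printing the filters needs no LDAP server, only the ldap extension.
foreach (array('ahart', 'j*(doe)') as $uid) {
    echo buildGroupFilter($uid), PHP_EOL;
}
```

If callers can pass `$searchDirectory` from request data, it should be checked against a fixed list of allowed base DNs before it reaches `ldap_search()`.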