[ https://issues.apache.org/jira/browse/OODT-233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris A. Mattmann resolved OODT-233.
------------------------------------
    Resolution: Won't Fix

Never implemented, so must not be high priority.

> allow users to (optionally) specify search directory when finding groups for 
> username
> -------------------------------------------------------------------------------------
>
>                 Key: OODT-233
>                 URL: https://issues.apache.org/jira/browse/OODT-233
>             Project: OODT
>          Issue Type: Improvement
>          Components: single sign on
>         Environment: from JPL internal JIRA
>            Reporter: Andrew Hart
>             Fix For: 0.11
>
>
> The SingleSignOn (security) library defines a function:
> {code:title=SingleSignOn.php|borderStyle=solid}
> retrieveGroupsForUser($username) {...}
> {code}
> which connects to the LDAP server and attempts to identify all groups the 
> provided username belongs to by executing the following filter:
> {code}
> $filter = "(&(objectClass=groupOfUniqueNames)"
>        ."(uniqueMember=uid={$username}," . SSO_BASE_DN . "))";
> $result = ldap_search($ldapconn,SSO_BASE_DN,$filter,array('cn'));
> {code}
> This update proposes to allow a user to optionally specify a search directory 
> other than the SSO_BASE_DN to use when searching for groups. 
> By updating the method signature to optionally accept a search directory 
> (defaulting to SSO_BASE_DN if none is provided), we can support a wider array 
> of directory layouts with no impact to the default behavior:
> {code:title=SingleSignOn.php|borderStyle=solid}
> retrieveGroupsForUser($username,$searchDirectory = SSO_BASE_DN) {...}
> {code}
> The filter code would be updated to use the provided search directory:
> {code}
> $filter = "(&(objectClass=groupOfUniqueNames)"
>        ."(uniqueMember=uid={$username}," . SSO_BASE_DN . "))";
> $result = ldap_search($ldapconn,$searchDirectory,$filter,array('cn'));
> {code}
> Existing implementations would not require any modification to their code, 
> because the function continues to use SSO_BASE_DN unless a second argument is 
> explicitly provided:
> {code}
> $groups = $sso->retrieveGroupsForUser($sso->getCurrentUsername());
> {code}
> Providing a fully qualified DN as a second argument modifies the "top-level" 
> directory used in the search:
> {code}
> $groups = $sso->retrieveGroupsForUser($sso->getCurrentUsername(),SSO_GROUPS_DN);
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
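
The signature proposed in the issue, as an added sketch that is not the OODT SingleSignOn code: the search base is optional while the member DN in the filter stays under SSO_BASE_DN, as in the quoted snippet. The constant values, the `buildGroupFilter` helper, passing `$ldapconn` as a parameter, and the `ldap_escape` calls are assumptions added here; the PHP ldap extension is required.

```php
<?php
// Added example, not the project's code. Constant values are constructed placeholders.
const SSO_BASE_DN   = 'ou=people,dc=example,dc=org';
const SSO_GROUPS_DN = 'ou=groups,dc=example,dc=org';

/**
 * Hypothetical helper: builds the group-membership filter from the issue.
 * The username sits inside a DN that sits inside a filter value, so it is
 * escaped in that order: first as a DN attribute value, then the whole
 * member DN as a filter assertion value.
 */
function buildGroupFilter(string $username): string
{
    $rdnValue = ldap_escape($username, '', LDAP_ESCAPE_DN);
    $memberDn = "uid={$rdnValue}," . SSO_BASE_DN;

    return '(&(objectClass=groupOfUniqueNames)(uniqueMember='
         . ldap_escape($memberDn, '', LDAP_ESCAPE_FILTER) . '))';
}

/**
 * Returns the cn of every group listing the user as uniqueMember.
 * $searchDirectory defaults to SSO_BASE_DN, so one-argument callers keep
 * the behaviour they had before the proposed change.
 */
function retrieveGroupsForUser($ldapconn, string $username,
                               string $searchDirectory = SSO_BASE_DN): array
{
    $result = ldap_search($ldapconn, $searchDirectory,
                          buildGroupFilter($username), ['cn']);
    if ($result === false) {
        return [];               // search failed (e.g. the base DN does not exist)
    }

    $entries = ldap_get_entries($ldapconn, $result);
    $groups  = [];
    for ($i = 0; $i < $entries['count']; $i++) {
        $groups[] = $entries[$i]['cn'][0];
    }
    return $groups;
}

// Constructed inputs: an ordinary username and one containing filter metacharacters.
foreach (['ahart', 'a*)(cn=*'] as $u) {
    echo buildGroupFilter($u), PHP_EOL;
}
```

With a live connection, the second argument selects the search base, e.g. `retrieveGroupsForUser($ldapconn, $user, SSO_GROUPS_DN)`.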
