Nikolay Sokolov created GRIFFIN-207:
---------------------------------------
Summary: LDAP auth is not supporting group filters and non-CN login names
Key: GRIFFIN-207
URL: https://issues.apache.org/jira/browse/GRIFFIN-207
Project: Griffin (Incubating)
Issue Type: Bug
Reporter: Nikolay Sokolov
Currently LDAP auth performs a bind to the principal with name
"${username}${ldap.email}", and searches through user objects using
ldap.searchPattern. The result of the search is then only used to retrieve the
fullName of the user.
There are two problems here:
* the login username cannot be different from the CN, as it is used to perform
the LDAP bind
* it is not possible to restrict access to specific groups
The typical approach used in other software products is to use a separate bind
account, which searches through LDAP objects using the search pattern, and then
to use the found object's DN to perform the password check.
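The search-then-bind flow described in the issue, as an added Python sketch that is not Griffin's code and not part of the original report. The `FakeDirectory` class, the sample entries, the group DN and the `{0}` placeholder in the search pattern are assumptions made for illustration; the directory is a toy in-memory stand-in, not a real LDAP client.

```python
import re

GROUP = "cn=griffin-users,ou=groups,dc=example,dc=org"
# Constructed sample entries; a real deployment queries an LDAP server instead.
ENTRIES = {
    "cn=Jane Doe,ou=people,dc=example,dc=org":
        {"uid": "jdoe", "password": "s3cret", "memberOf": GROUP},
    "cn=Bob Roe,ou=people,dc=example,dc=org":
        {"uid": "broe", "password": "hunter2", "memberOf": "cn=hr,ou=groups,dc=example,dc=org"},
}
# Assumed pattern format: {0} is replaced by the login name.
SEARCH_PATTERN = "(&(uid={0})(memberOf=" + GROUP + "))"


def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def _unescape(piece):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), piece)


class FakeDirectory:
    """Toy stand-in handling only (&(attr=value)...) filters with * wildcards."""

    def search(self, ldap_filter):  # what the bind (service) account would run
        terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
        return [dn for dn, entry in ENTRIES.items() if all(
            re.fullmatch(".*".join(re.escape(_unescape(p)) for p in raw.split("*")),
                         entry.get(attr, "")) for attr, raw in terms)]

    def bind(self, dn, password):  # password check as the found entry
        return ENTRIES[dn]["password"] == password


def authenticate(directory, search_pattern, username, password):
    """Return the user's DN on success, None otherwise."""
    if not username or not password:
        return None  # an empty password would be an unauthenticated bind
    ldap_filter = search_pattern.replace("{0}", escape_filter_value(username))
    matches = directory.search(ldap_filter)
    if len(matches) != 1:
        return None  # unknown user, outside the group, or ambiguous
    return matches[0] if directory.bind(matches[0], password) else None
```

Because the bind uses the DN returned by the search, the login name (`uid` here) no longer has to equal the CN, and the `memberOf` clause in the pattern restricts access to one group.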