[
https://issues.apache.org/jira/browse/ISIS-1162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14622242#comment-14622242
]
ASF subversion and git services commented on ISIS-1162:
-------------------------------------------------------
Commit caca05132937f63fa6e332b0cc22979d65d046dd in isis's branch
refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=caca051 ]
Merge branch 'ISIS-1162_pr-31'
> For Shiro Realm,Make LDAP attributes as permision generator
> -----------------------------------------------------------
>
> Key: ISIS-1162
> URL: https://issues.apache.org/jira/browse/ISIS-1162
> Project: Isis
> Issue Type: Improvement
> Components: Core: Security: Shiro
> Reporter: sebastien diaz
> Assignee: Dan Haywood
>
> Add attribute for permission ldap extraction
> I propose new permisions creation from LDAP attribute
> Alternatively, permissions can be extracted from the base itself with the
> parameter searchUserBase,
> the attribute list as userExtractedAttribute and the permission url as
> permissionByUserAttribute.
> The idea is to extract attribute from the user or the group of the user and
> map directly to permission rule in replacing the string {attribute} by the
> extracted attribute (can me multiple).
> See the sample for group and user attribute and mapping:
> ldapRealm.searchUserBase = ou=users,o=mojo
> ldapRealm.userObjectClass=inetOrgPerson
> ldapRealm.userObjectClass=organizationnalPerson
> ldapRealm.groupExtractedAttribute=street,country
> ldapRealm.userExtractedAttribute=street,country
> ldapRealm.permissionByGroupAttribute=attribute:Folder.{street}:Read,attribute:Portfolio.{country}
> ldapRealm.permissionByUserAttribute=attribute:Folder.{street}:Read,attribute:Portfolio.{country}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
