Kevin Minder created KNOX-694:
---------------------------------

             Summary: Enhance LDAP user search configurability
                 Key: KNOX-694
                 URL: https://issues.apache.org/jira/browse/KNOX-694
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 0.8.0
            Reporter: Kevin Minder
             Fix For: Future


In very complex organizations the current configuration supported by KnoxLdapRealm may not be sufficient.  Ideally it would be possible to:
1. Configure the LDAP search filter directly
2. Configure the LDAP search scope
3. Have portions of the search base and filter be derived from the input principal.
To clarify this, I'm thinking of provider configurations like these:
{code}
<param name="main.ldapRealm.principalRegex" value="(.*?)\\(.*)"/>
<param name="main.ldapRealm.userDnTemplate" value="CN={2},CN={1},DC=qa,DC=company,DC=com"/>
{code}

{code}
<param name="main.ldapRealm.principalRegex" value="(.*?)\\(.*)"/>
<param name="main.ldapRealm.userSearchBase" value="CN={1},DC=qa,DC=company,DC=com"/>
<param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
<param name="main.ldapRealm.userSearchAttributeTemplate" value="{2}"/>
{code}

{code}
<param name="main.ldapRealm.principalRegex" value="(.*?)\\(.*)"/>
<param name="main.ldapRealm.userSearchBase" value="CN={1},DC=qe,DC=company,DC=com"/>
<param name="main.ldapRealm.userSearchFilter" value="(&amp;(objectclass=person)(sAMAccountName={2}))"/>
{code}

{code}
<param name="main.ldapRealm.principalRegex" value="(.*?)\\(.*)"/>
<param name="main.ldapRealm.userSearchBase" value="CN={2},CN={1},DC=qa,DC=company,DC=com"/>
<param name="main.ldapRealm.userSearchScope" value="object"/>
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
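
Item 3 above places parts of the input principal into the search base and filter, so each captured group needs DN (RFC 4514) or filter (RFC 4515) escaping before it is substituted. The following Java example is added here and is not KnoxLdapRealm code; the class name, helper names and sample principal are assumptions, while the regex and templates are those of the third configuration above.

```java
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PrincipalTemplateDemo {  // hypothetical class, not part of Knox
    // principalRegex from the issue: group 1 is the text before the backslash, group 2 the text after.
    static final Pattern PRINCIPAL = Pattern.compile("(.*?)\\\\(.*)");

    // RFC 4515: hex-escape backslash, '*', '(', ')' and NUL in values placed inside a filter.
    static String escapeFilter(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // RFC 4514: escape DN special characters, a leading space or '#', a trailing space, and NUL.
    static String escapeDn(String v) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            if (c == 0) { sb.append("\\00"); continue; }
            boolean edge = (i == 0 && (c == ' ' || c == '#')) || (i == v.length() - 1 && c == ' ');
            if (edge || ",+\"\\<>;=".indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    // Replace {n} with escaped group n in one pass, so a captured value is never re-expanded.
    static String expand(String template, Matcher p, UnaryOperator<String> esc) {
        Matcher t = Pattern.compile("\\{(\\d+)\\}").matcher(template);
        StringBuffer sb = new StringBuffer();
        while (t.find()) {
            String val = esc.apply(p.group(Integer.parseInt(t.group(1))));
            t.appendReplacement(sb, Matcher.quoteReplacement(val));
        }
        t.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        String principal = "eng\\j.doe)(objectclass=*";  // constructed input with filter metacharacters
        Matcher m = PRINCIPAL.matcher(principal);
        if (!m.matches()) throw new IllegalArgumentException("principal does not match principalRegex");
        System.out.println(expand("CN={1},DC=qe,DC=company,DC=com", m, PrincipalTemplateDemo::escapeDn));
        System.out.println(expand("(&(objectclass=person)(sAMAccountName={2}))", m, PrincipalTemplateDemo::escapeFilter));
    }
}
```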
