Hi,

<Property name="UserNameAttribute">cn</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>

Above are two parameters we specify for a userStoremanager in usr-mgt.xml
of a Carbon product. If I understood correctly, UserNameAttribute is the
attribute which is used as the username when users are logged in to the
servers. UserNameSearchFilter will be used to search users (i.e.
authenticating users).

In both parameters we used the value "cn". But what will happen if we
specify different values for the two parameters, as below?

<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>

Though sAMAccountName is specified as the login name, the cn attribute is
still used when authenticating users. Users have to log in using the cn
values. However, UserNameAttribute was not considered when authenticating
users. I copied and pasted below a part of the code (in WSO2 IS 4.5) that
executes when authenticating users.

String userSearchFilter =
        realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_SEARCH_FILTER);
userSearchFilter = userSearchFilter.replace("?", userName);

This won't be a problem if the same attribute (cn/sAMAccountName) is used in
both parameters. Is it the expected way of configuring? If so, wouldn't it
be better if there were a way to specify the attribute in only one place to
reduce misconfiguration possibilities?
Is there any use case for specifying different attributes in the above
parameters?


-- 
Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev