[ https://issues.apache.org/jira/browse/CXF-6043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Bernhardt reassigned CXF-6043:
----------------------------------
Assignee: Jan Bernhardt
> Multi User BaseDN Support for LdapClaimsHandler
> -----------------------------------------------
>
> Key: CXF-6043
> URL: https://issues.apache.org/jira/browse/CXF-6043
> Project: CXF
> Issue Type: Improvement
> Components: STS
> Affects Versions: 2.7.12, 3.0.1
> Reporter: Jan Bernhardt
> Assignee: Jan Bernhardt
> Labels: Claims, STS
> Fix For: 3.1.0
>
>
> The current implementation of the LdapClaimsHandler only allows defining a
> single DN for your user search base. In cases where users are spread across
> multiple OUs which do not share a common OU, it is not possible to collect
> claims for all the users.
> Sample:
> CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM
> CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM
> Setting the "userBaseDN" to "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM" would
> mean that claims for Bob could not be resolved.
> My proposal is to add another property "userBaseDNs" to the LdapClaimsHandler
> containing a List<String> of userBaseDN. If the user could not be found
> within the scope of userBaseDN then all userBaseDNs contained in the
> Collection will be searched until the user claims could be retrieved.
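The fallback lookup proposed in the issue, sketched as an added example that is not part of the original message and is not CXF code. The class and method names, the in-memory directory standing in for an LDAP server, and the rejection of ambiguous matches are assumptions of this example; only the two sample DNs and the property names `userBaseDN` and `userBaseDNs` come from the issue text.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration, not CXF code. All names here are hypothetical.
public class MultiBaseDnLookup {
    // Constructed sample directory holding the two entries from the issue text.
    static final List<String> DIRECTORY = List.of(
        "CN=Alice,OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM",
        "CN=Bob,OU=External-User,DC=MY,DC=DOMAIN,DC=COM");

    // Subtree search for CN=<user> below baseDn; returns every matching entry DN.
    static List<String> search(String baseDn, String user) throws InvalidNameException {
        LdapName base = new LdapName(baseDn);
        List<String> hits = new ArrayList<>();
        for (String dn : DIRECTORY) {
            LdapName name = new LdapName(dn);
            Rdn leaf = name.getRdn(name.size() - 1); // leftmost RDN, e.g. CN=Alice
            if (name.startsWith(base) && leaf.getType().equalsIgnoreCase("CN")
                    && user.equalsIgnoreCase(String.valueOf(leaf.getValue()))) {
                hits.add(dn);
            }
        }
        return hits;
    }

    // Search userBaseDN first, then each entry of userBaseDNs, stopping at the first base with a hit.
    static Optional<String> resolveUserDn(String userBaseDN, List<String> userBaseDNs, String user)
            throws InvalidNameException {
        List<String> bases = new ArrayList<>();
        if (userBaseDN != null) bases.add(userBaseDN);
        bases.addAll(userBaseDNs);
        for (String base : bases) {
            List<String> hits = search(base, user);
            // Choice made in this example: never pick between several entries for one user name.
            if (hits.size() > 1) throw new IllegalStateException("ambiguous user under " + base);
            if (hits.size() == 1) return Optional.of(hits.get(0));
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws InvalidNameException {
        String internal = "OU=Internal-User,DC=MY,DC=DOMAIN,DC=COM";
        String external = "OU=External-User,DC=MY,DC=DOMAIN,DC=COM";
        System.out.println(resolveUserDn(internal, List.of(), "Bob"));         // single base DN only
        System.out.println(resolveUserDn(internal, List.of(external), "Bob")); // with the additional base DN
    }
}
```

Because the first base DN that yields a match wins, the order of the list decides which entry supplies the claims when the same user name exists under more than one base.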