Christian Schmülling created CXF-6303:
-----------------------------------------
Summary: Multi Group and User BaseDN Support for LdapGroupClaimsHandler
Key: CXF-6303
URL: https://issues.apache.org/jira/browse/CXF-6303
Project: CXF
Issue Type: Improvement
Components: STS
Affects Versions: 3.1.0, 2.7.16, 3.0.5
Reporter: Christian Schmülling
Priority: Critical
Fix For: 3.1.0, 2.7.16, 3.0.5
The current implementation of the LdapGroupClaimsHandler only allows a single
DN to be defined for your group and user search base. In cases where groups and
users are spread across multiple OUs which do not share a common OU, it is not
possible to collect claims for all the users.
Sample:
CN=group1,OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM
CN=group2,OU=External-Group,DC=MY,DC=DOMAIN,DC=COM
Setting the "groupBaseDN" to "OU=Internal-Group,DC=MY,DC=DOMAIN,DC=COM" would
mean that roles for Bob could not be resolved.
My proposal is to add properties "groupBaseDNs" and "userBaseDNs" to the
LdapGroupClaimsHandler containing a List<String> of groupBaseDN and userBaseDN.
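
The scoping problem described in this issue, as an added example (an in-memory model, not CXF code and not part of the original report). The user DNs, the memberships and the "Service-Accounts" OU are constructed assumptions; the last case goes slightly beyond the report to show why widening a single base to the domain root is not an equivalent workaround.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized RDNs, leaf first (splits on unescaped commas)."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]

def is_under(dn, base_dn):
    """True if dn equals base_dn or lies in its subtree (subtree search scope)."""
    rdns, base = parse_dn(dn), parse_dn(base_dn)
    return len(rdns) >= len(base) and rdns[-len(base):] == base

def resolve_groups(user_dn, group_base_dns, directory):
    """CNs of groups under any configured base that list user_dn as a member."""
    user, found = parse_dn(user_dn), []
    for base in group_base_dns:              # one search per configured base DN
        for group_dn, members in directory.items():
            if not is_under(group_dn, base):
                continue                     # group is outside this search base
            if any(parse_dn(m) == user for m in members):
                cn = parse_dn(group_dn)[0].split("=", 1)[1]
                if cn not in found:          # overlapping bases must not duplicate roles
                    found.append(cn)
    return found

DOMAIN = "DC=MY,DC=DOMAIN,DC=COM"
INTERNAL = "OU=Internal-Group," + DOMAIN
EXTERNAL = "OU=External-Group," + DOMAIN
# Constructed sample entries; only the two group DNs come from the report.
BOB = "CN=bob,OU=External-User," + DOMAIN
ALICE = "CN=alice,OU=Internal-User," + DOMAIN
DIRECTORY = {
    "CN=group1," + INTERNAL: [ALICE],
    "CN=group2," + EXTERNAL: [BOB],
    "CN=admins,OU=Service-Accounts," + DOMAIN: [BOB],  # OU not meant to feed claims
}

if __name__ == "__main__":
    # Single base, as today: Bob's group lives in another OU and is missed.
    print(resolve_groups(BOB, [INTERNAL], DIRECTORY))
    # Domain root as the single base: resolves group2 but also pulls in admins.
    print(resolve_groups(BOB, [DOMAIN], DIRECTORY))
    # List of bases, as proposed: exactly the intended OUs are searched.
    print(resolve_groups(BOB, [INTERNAL, EXTERNAL], DIRECTORY))
```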