[
https://issues.apache.org/jira/browse/OAK-7428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16448087#comment-16448087
]
Manfred Baedke commented on OAK-7428:
-------------------------------------
The configuration of the LdapIdentityProvider offers the options to set
different id attributes for users and groups respectively, which is actually
sensible because users and groups usually belong to different object classes.
If these attributes are actually different, the solution implemented so far is
insufficient, because only one attribute name may be specified to be used to
create principal ids. So I'm going to change the implementation, so that either
the DN or the respective id attribute may be used.
> LdapIdentityProvider doesn't support creating external ids from custom
> attributes
> ---------------------------------------------------------------------------------
>
> Key: OAK-7428
> URL: https://issues.apache.org/jira/browse/OAK-7428
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-ldap
> Reporter: Manfred Baedke
> Assignee: Manfred Baedke
> Priority: Major
>
> The LdapIdentityProvider always uses the value of an authorizables DN to
> create external ids. But DNs may change over time, while the external id of
> an authorizable have to be stable because the property rep:externalID is
> protected.
> Therefore we need to add the option to use the value of a configurable LDAP
> attribute to create external ids from it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
