[jira] [Updated] (OAK-3115) Support memberOf attribute within the user entity to lookup memberships in the LdapIdentityProvider

Fri, 28 Jan 2022 04:48:04 -0800 


     [ 
https://issues.apache.org/jira/browse/OAK-3115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated OAK-3115:
---------------------------------
    Description: 
Some LDAPs  (e.g. OpenLDAP via 
http://www.openldap.org/doc/admin24/overlays.html or ActiveDirectory via 
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/cc24555b-61c7-49a2-9748-167b8ce5a512),
 support a reverse lookup of group memberships (i.e. without an additional 
search the group membership can just be determined by looking at a specific 
attribute like "memberOf").
It would be good if the {{LdapIdentityProvider}} would support that directly 
(instead of executing an expensive search).

  was:
Some LDAPs  (e.g. OpenLDAP via 
http://www.openldap.org/doc/admin24/overlays.html), support a reverse lookup of 
group memberships (i.e. without an additional search the group membership can 
just be determined by looking at a specific attribute like "memberOf").
It would be good if the {{LdapIdentityProvider}} would support that directly 
(instead of executing an expensive search).


> Support memberOf attribute within the user entity to lookup memberships in 
> the LdapIdentityProvider
> ---------------------------------------------------------------------------------------------------
>
>                 Key: OAK-3115
>                 URL: https://issues.apache.org/jira/browse/OAK-3115
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: auth-ldap
>    Affects Versions: 1.3.2
>            Reporter: Konrad Windszus
>            Priority: Major
>
> Some LDAPs  (e.g. OpenLDAP via 
> http://www.openldap.org/doc/admin24/overlays.html or ActiveDirectory via 
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/cc24555b-61c7-49a2-9748-167b8ce5a512),
>  support a reverse lookup of group memberships (i.e. without an additional 
> search the group membership can just be determined by looking at a specific 
> attribute like "memberOf").
> It would be good if the {{LdapIdentityProvider}} would support that directly 
> (instead of executing an expensive search).



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to