[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lorenz Quack updated QPID-7116:
---
Assignee: Keith Wall (was: Lorenz Quack)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments: 0001-WIP-unification.patch, 0002-WIP-LDAP-groups.patch
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lorenz Quack updated QPID-7116:
---
Status: Reviewable (was: In Progress)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Lorenz Quack
> Fix For: qpid-java-6.1
>
> Attachments: 0001-WIP-unification.patch, 0002-WIP-LDAP-groups.patch
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: 0001-WIP-unification.patch
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
> Attachments: 0001-WIP-unification.patch, 0002-WIP-LDAP-groups.patch
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: (was: ldap-auth-provider-changes.tar.gz)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
> Attachments: 0001-WIP-unification.patch, 0002-WIP-LDAP-groups.patch
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: (was:
0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
> Attachments: 0001-WIP-unification.patch, 0002-WIP-LDAP-groups.patch
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: 0002-WIP-LDAP-groups.patch
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> 0002-WIP-LDAP-groups.patch, ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: (was:
0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
>Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: ldap-auth-provider-changes.tar.gz
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: (was: WIP-get-ldap-groups.diff)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: (was: ldap-auth-provider-changes.tar.gz)
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments:
> 0001-QPID-7116-Add-ability-to-utilise-group-information-f.patch,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: ldap-auth-provider-changes.tar.gz
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments: WIP-get-ldap-groups.diff,
> ldap-auth-provider-changes.tar.gz
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7116:
-
Attachment: WIP-get-ldap-groups.diff
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
> Attachments: WIP-get-ldap-groups.diff
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-7116:
-
Description:
The Java Broker can already authenticate users against an LDAP compatible
directory. It should also be able to use the same information source as a
source of group information too.
The authentication provide needs to accept optional attributes governing where
the group information will be found:
{{groupSearchContext}} - the base entry for the role search. If not specified,
the search base is the top-level directory context.
{{groupSearchFilter}} - the LDAP search filter for selecting group entries. A
{0} token within the filter will be replaced by the distinguish name of the
authenticated user.
{{groupAttributeName}} - the name of the attribute that contains the name of
the role.
After the authentication provider has successfully bound (authenticated) the
user, it should perform a second query for the groups. It should build a
{{GroupPrincipal}} for each group to which the user belongs and return this as
part of the AuthenticationResult. If the group search attributes are not
found, the group search should be skipped.
A future version if the LDAP Authentication Provider may offer the ability to
cache the group results for a DN period of time. This would serve to avoid
hitting the Directory several times authentication (it already hits the
Directory twice if {{bindWithoutSearch}} is false, this will add a third).
was:
The Java Broker can already authenticate users against an LDAP compatible
directory. It should also be able to use the same information source as a
source of group information too.
The authentication provide needs to accept optional attributes governing where
the group information will be found:
{{groupSearchContext}} - the base entry for the role search. If not specified,
the search base is the top-level directory context.
{{groupSearchFilter}} - the LDAP search filter for selecting group entries. A
{0} token within the filter will be replaced by the distinguish name of the
authenticated user.
{{groupAttributeName}} - the name of the attribute that contains the name of
the role.
After the authentication provider has successfully bound (authenticated) the
user, it should perform a second query for the groups. It should build a
{{GroupPrincipal}} for each group to which the user belongs and return this as
part of the AuthenticationResult. If the group search attributes are not
found, the group search should be skipped.
A future version if the LDAP Authentication Provider may offer the ability to
cache the group results for a DN period of time. This would serve to avoid
hitting the Directory several times authentication (it already hits the
Directory twice if {{bindWithoutSearch}} is false, this will add a third).
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail:
[jira] [Updated] (QPID-7116) Ability to utilise group information from a LDAP compatible directory
[
https://issues.apache.org/jira/browse/QPID-7116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-7116:
-
Description:
The Java Broker can already authenticate users against an LDAP compatible
directory. It should also be able to use the same information source as a
source of group information too.
The authentication provide needs to accept optional attributes governing where
the group information will be found:
{{groupSearchContext}} - the base entry for the role search. If not specified,
the search base is the top-level directory context.
{{groupSearchFilter}} - the LDAP search filter for selecting group entries. A
{0} token within the filter will be replaced by the distinguish name of the
authenticated user.
{{groupAttributeName}} - the name of the attribute that contains the name of
the role.
After the authentication provider has successfully bound (authenticated) the
user, it should perform a second query for the groups. It should build a
{{GroupPrincipal}} for each group to which the user belongs and return this as
part of the AuthenticationResult. If the group search attributes are not
found, the group search should be skipped.
A future version if the LDAP Authentication Provider may offer the ability to
cache the group results for a DN period of time. This would serve to avoid
hitting the Directory several times authentication (it already hits the
Directory twice if {{bindWithoutSearch}} is false, this will add a third).
was:
The Java Broker can already authenticate against an LDAP compatible directory.
It should also be able to use the same information source as a source of group
information too.
> Ability to utilise group information from a LDAP compatible directory
> -
>
> Key: QPID-7116
> URL: https://issues.apache.org/jira/browse/QPID-7116
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
>Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
>
> The Java Broker can already authenticate users against an LDAP compatible
> directory. It should also be able to use the same information source as a
> source of group information too.
> The authentication provide needs to accept optional attributes governing
> where the group information will be found:
> {{groupSearchContext}} - the base entry for the role search. If not
> specified, the search base is the top-level directory context.
> {{groupSearchFilter}} - the LDAP search filter for selecting group entries.
> A {0} token within the filter will be replaced by the distinguish name of the
> authenticated user.
> {{groupAttributeName}} - the name of the attribute that contains the name of
> the role.
> After the authentication provider has successfully bound (authenticated) the
> user, it should perform a second query for the groups. It should build a
> {{GroupPrincipal}} for each group to which the user belongs and return this
> as part of the AuthenticationResult. If the group search attributes are not
> found, the group search should be skipped.
> A future version if the LDAP Authentication Provider may offer the ability to
> cache the group results for a DN period of time. This would serve to avoid
> hitting the Directory several times authentication (it already hits the
> Directory twice if {{bindWithoutSearch}} is false, this will add a third).
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
