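Attached is a new version of the JNDIRealm class. I have added the ability for it to recurse through roles: we have users in roles, and those roles are themselves members of other roles. The recursion is bounded by the `level > 15` check in the code below, which also keeps a cyclic group membership from looping indefinitely. I have added the following: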
debug="3" connectionURL="ldap://10.85.42.223:389" connectionName="cn=Manager,dc=acxiom,dc=com" connectionPassword="secret" userPattern="cn={0},ou=people,dc=acxiom,dc=com" roleBase="ou=groups, dc=acxiom, dc=com" roleName="CN" roleSearch="(member={0})" roleSubtree="true" digest="SHA" rolePattern="member=cn={0},ou=groups, dc=acxiom, dc=com"/>
ArrayList listOut = new ArrayList(); String filter = null; SearchControls controls = null; NamingEnumeration results = null; SearchResult result = null; Attributes attrs = null; String currentRole = null;
if (rolePattern == null) { return currentList; }
if (level > 15) { return currentList; }
if (currentList == null) { return listOut; }
if (currentList.size() == 0 ) { return currentList; }
Iterator it = currentList.iterator();
while(it.hasNext()) { currentRole = (String) it.next();
filter = rolePatternFormat.format(new String[] { currentRole });
controls = new SearchControls(); if (roleSubtree) { controls.setSearchScope(SearchControls.SUBTREE_SCOPE); } else { controls.setSearchScope(SearchControls.ONELEVEL_SCOPE); }
controls.setReturningAttributes(new String[] {roleName});
// Perform the configured search and process the results if (debug >= 3) { log(" Searching role base '" + roleBase + "' for attribute '" + roleName + "'"); log(" With filter expression '" + filter + "'"); }
results = context.search(roleBase, filter, controls); if (results == null) return (currentList); // Should never happen, but just in case ...
while (results.hasMore()) { result = (SearchResult) results.next(); attrs = result.getAttributes(); if (attrs == null) { continue; } listOut = addAttributeValues(roleName, attrs, listOut); } }
listOut = getImbeddedGroups(context, listOut, level + 1);
listOut.addAll(currentList);
return (listOut); }
Scott Jones Acxiom Corporation [EMAIL PROTECTED]