Active Directory uses dynamic groups, so each user will have a list of memberOf attributes which define which roles it belongs to. When using dynamic groups, only one query is needed to get the user info and groups, as opposed to static groups, which require two queries: one to get the user info, and another to search for the groups that user belongs to.
On Fri, Jan 15, 2010 at 6:38 PM, rchristy <[email protected]> wrote:

> I have a question about the implementation of this method in this realm. It
> seems to be searching ActiveDirectory for groups that a user belongs to
> and map that to roles. I seem to be authenticating to active directory ok,
> but each time this method gets called the LdapSearch returns nothing even
> though I know the user is in many groups (or at least memberOf attributes
> which I assume the query is looking for or maybe that is my problem).
> Anyway I was hoping someone could explain what in ActiveDirectory this
> search is looking for so I can understand why nothing ever comes back.
>
> Thanks
>
> Rich
> --
> View this message in context:
> http://n2.nabble.com/ActiveDirectoryRealm-getRoleNamesForUser-tp4402069p4402069.html
> Sent from the Shiro User mailing list archive at Nabble.com.
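
The two lookup strategies described in the reply, as an added example that is not part of the original thread and not Shiro's own code. It runs offline over constructed in-memory entries using JNDI types; the class and method names, DNs and role names are all hypothetical.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

public class GroupLookupDemo {
    // Constructed group DN -> role mapping; DNs and role names are hypothetical.
    static final Map<LdapName, String> GROUP_ROLES = new HashMap<>();

    // Dynamic case: the user entry from the one query already lists its groups.
    static Set<String> rolesFromMemberOf(Attributes user) throws NamingException {
        Set<String> roles = new TreeSet<>();
        Attribute memberOf = user.get("memberOf");
        if (memberOf == null) return roles;   // attribute not returned: no roles
        for (NamingEnumeration<?> e = memberOf.getAll(); e.hasMore();) {
            // LdapName compares DNs ignoring case, unlike raw String map keys.
            String role = GROUP_ROLES.get(new LdapName(e.next().toString()));
            if (role != null) roles.add(role);
        }
        return roles;
    }

    // Static case: a second pass over group entries, matching member = user DN.
    static Set<String> rolesFromGroupSearch(LdapName userDn,
            Map<LdapName, Attributes> groups) throws NamingException {
        Set<String> roles = new TreeSet<>();
        for (Map.Entry<LdapName, Attributes> g : groups.entrySet()) {
            Attribute member = g.getValue().get("member");
            String role = GROUP_ROLES.get(g.getKey());
            if (member == null || role == null) continue;
            for (NamingEnumeration<?> e = member.getAll(); e.hasMore();) {
                if (new LdapName(e.next().toString()).equals(userDn)) roles.add(role);
            }
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        LdapName admins = new LdapName("CN=App Admins,OU=Groups,DC=example,DC=com");
        GROUP_ROLES.put(admins, "admin");
        Attributes user = new BasicAttributes(true);  // true = ignore attribute-id case
        user.put(new BasicAttribute("memberOf", "cn=app admins,ou=groups,dc=example,dc=com"));
        Attributes group = new BasicAttributes(true);
        group.put(new BasicAttribute("member", "CN=jdoe,OU=Users,DC=example,DC=com"));
        Map<LdapName, Attributes> groups = new HashMap<>();
        groups.put(admins, group);
        System.out.println(rolesFromMemberOf(user));
        System.out.println(rolesFromGroupSearch(
                new LdapName("cn=jdoe,ou=users,dc=example,dc=com"), groups));
    }
}
```

The constructed entries deliberately use a different letter case for the same DN on each side, since a plain string comparison of DNs is one way a group-to-role lookup can come back empty.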
