Brian Demers wrote:
>
> Active Directory uses dynamic groups, so each users will have a list of
> memberOf attributes which define which roles it belongs to. When using
> dynamic groups only one query is needed to get the user info and groups.
> As
> opposed to static groups which requires two queries. One to get the user
> info, and another to search for the groups that users belongs too.
>
>
>
> On Fri, Jan 15, 2010 at 6:38 PM, rchristy <[email protected]> wrote:
>
>>
>> I have a question about the implementation of this method in this realm.
>> It
>> seems to be searching ActiveDirectory for groups that the a user belongs
>> to
>> and map that to roles. I seem to be authenticating to active directory
>> ok,
>> but each time this method gets called the LdapSearch returns nothing even
>> though I know the user is in many groups (or at least memberOf attributes
>> which I assume the query is looking for or maybe that is my problem).
>> Anyway I was hoping someone could explain what in ActiveDirectory this
>> search is looking for so I can understand why nothing every comes back.
>>
>> Thanks
>>
>> Rich
>> --
>> View this message in context:
>> http://n2.nabble.com/ActiveDirectoryRealm-getRoleNamesForUser-tp4402069p4402069.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
--
View this message in context:
http://n2.nabble.com/ActiveDirectoryRealm-getRoleNamesForUser-tp4402069p4406335.html
Sent from the Shiro User mailing list archive at Nabble.com.
