Hi Jim,

There is an issue here: how to ensure that entries are unique?

The problem is that to build a distinguished name (DN), you need the username, plus an RDN. As long as there is a single RDN defined in the plugin configuration that is used to build the DN, we can guarantee that a single username always maps to one unique DN in the LDAP directory (and vice-versa from the LdapPlugin perspective).

If you start adding several RDNs to build a DN (whatever the way it is implemented), this condition cannot be guaranteed anymore. In other words, if there is one "joe.user" in OU=Technical and another "joe.user" in OU=Management, there is no way to distinguish one from the other, and the permission system would be compromised, one group being picked at random by the system.

In order to make it work, you'll have to be sure that there are no two "joe.user" users registered in your enterprise directory, or at least in the common subtree of all RDNs. This kind of bypasses the role of the DN in an LDAP directory.

You could nevertheless implement such a hack where the plugin would use a list of RDNs instead of a single one, and build several DNs with each RDN, and stop on the first match. Keep in mind that this may represent a security issue.

HTH,
Cheers,
Manu (main author of the LdapPlugin)
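The ambiguity described in the message above, as an added example that is not part of the original post and not LdapPlugin code. The directory contents, base DN, "uid" attribute and every function name are constructed assumptions; an in-memory set stands in for LDAP lookups.

```python
# Constructed sample directory: the set of DNs that exist (stand-in for LDAP).
DIRECTORY = {
    "uid=joe.user,ou=Technical,dc=example,dc=com",
    "uid=joe.user,ou=Management,dc=example,dc=com",
    "uid=ann.admin,ou=Technical,dc=example,dc=com",
}
BASE_DN = "dc=example,dc=com"                  # assumed base DN
USER_RDNS = ["ou=Technical", "ou=Management"]  # hypothetical list-of-RDNs setting
UID_ATTR = "uid"                               # assumed naming attribute


class AmbiguousUser(Exception):
    """Raised when one username maps to more than one DN."""


def candidate_dns(username, rdns=USER_RDNS):
    # One candidate DN per configured RDN. Assumes the username contains
    # no characters that would need DN escaping.
    return [f"{UID_ATTR}={username},{rdn},{BASE_DN}" for rdn in rdns]


def first_match(username, rdns=USER_RDNS, directory=DIRECTORY):
    # "Stop on the first match": the result depends on configuration order.
    return next((dn for dn in candidate_dns(username, rdns) if dn in directory), None)


def resolve_unique(username, rdns=USER_RDNS, directory=DIRECTORY):
    # Stricter variant: refuse to choose when the username is not unique.
    matches = [dn for dn in candidate_dns(username, rdns) if dn in directory]
    if len(matches) > 1:
        raise AmbiguousUser(f"{username!r} maps to {len(matches)} DNs: {matches}")
    return matches[0] if matches else None


def ambiguous_usernames(rdns=USER_RDNS, directory=DIRECTORY):
    # Audit: usernames that exist under more than one configured RDN.
    # Splitting on "," is enough for the constructed data (no escaped commas).
    parents = {f"{rdn},{BASE_DN}" for rdn in rdns}
    seen = {}
    for dn in sorted(directory):
        first, _, parent = dn.partition(",")
        attr, _, value = first.partition("=")
        if attr == UID_ATTR and parent in parents:
            seen.setdefault(value, []).append(dn)
    return {user: dns for user, dns in seen.items() if len(dns) > 1}
```

Running the audit before enabling a multi-RDN configuration shows whether the uniqueness condition holds across the configured subtrees.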
