Hi,
with subtree=true, you don't need the FQN.
For instance, if you define ou=role,dc=test,dc=org as baseDN, and
uid=%u
the LDAP search will cover:
uid=%u,ou=role,dc=test,dc=org
uid=%u,ou=other,ou=role,dc=test,dc=org
etc
subtree means descending into the children.
So you may not use a FQN.
Did you try?
Regards
JB
On 11/03/2011 03:38 PM, metatech wrote:
Hi,
I am trying to set up BASIC authentication on camel-jetty routes with an LDAP
user.
I defined the realm in my blueprint.xml to use Karaf's LDAPLoginModule (see
below) and I think there is a limitation with the "%u" placeholder. If
users are not hierarchically structured, I can configure twice the user
suffix ("ou=Users,dc=mycompany,dc=com" in my example), both in the
"user.base.dn", and in the "role.filter".
This works fine.
However, if users are hierarchically structured, the "%u" only contains the
login and not the sub-branch ("SUBBRANCH" in my example).
Is there any reason why the "%u" does not contain the full DN instead of
the login name?
Thanks in advance,
metatech
<jaas:config name="LDAPRealm">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
        connection.url = ldap://ldap-acc.mycompany.com:389
        user.base.dn = ou=Users,dc=mycompany,dc=com
        user.filter = (uid=%u)
        user.search.subtree = true
        role.base.dn = ou=UsersGroups,dc=mycompany,dc=com
        role.filter = (uniqueMember=uid=%u,ou=SUBBRANCH,ou=Users,dc=mycompany,dc=com)
        role.name.attribute = cn
        role.search.subtree = true
        authentication = simple
    </jaas:module>
</jaas:config>
--
View this message in context:
http://karaf.922171.n3.nabble.com/Does-Karaf-support-hierarchical-LDAP-roles-tp3477321p3477321.html
Sent from the Karaf - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
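
Added example (not part of the original thread, and not Karaf code): a small in-memory model of the two searches discussed above, showing what user.search.subtree covers and why a role.filter built from the bare login %u only matches users in the one branch written into it. The directory entries, the helper names and the resolve-the-DN-first variant are assumptions made for illustration.

```python
USER_BASE = "ou=Users,dc=mycompany,dc=com"
ROLE_BASE = "ou=UsersGroups,dc=mycompany,dc=com"
ALICE = "uid=alice," + USER_BASE                # flat user
BOB = "uid=bob,ou=SUBBRANCH," + USER_BASE       # user in a sub-branch

# Constructed sample directory (DN -> attributes), not real data.
DIRECTORY = {
    ALICE: {"uid": ["alice"]},
    BOB: {"uid": ["bob"]},
    "cn=viewer," + ROLE_BASE: {"cn": ["viewer"], "uniqueMember": [ALICE]},
    "cn=admin," + ROLE_BASE: {"cn": ["admin"], "uniqueMember": [BOB]},
}

def search(base_dn, attr, value, subtree):
    """DNs below base_dn where attr == value; subtree=False is one-level scope.
    Simplification: RDN depth is counted by commas (no escaped commas)."""
    suffix = "," + base_dn.lower()
    hits = []
    for dn, attrs in DIRECTORY.items():
        low = dn.lower()
        if not low.endswith(suffix):
            continue
        depth = low[: -len(suffix)].count(",")   # 0 = direct child of the base
        if not subtree and depth != 0:
            continue
        if any(v.lower() == value.lower() for v in attrs.get(attr, [])):
            hits.append(dn)
    return hits

def roles_for_member(member_dn):
    """Groups under ROLE_BASE whose uniqueMember equals member_dn."""
    groups = search(ROLE_BASE, "uniqueMember", member_dn, subtree=True)
    return sorted(DIRECTORY[g]["cn"][0] for g in groups)

def roles_from_template(login, template):
    """Model of a role filter value where %u is replaced by the login only."""
    return roles_for_member(template.replace("%u", login))

def roles_from_resolved_dn(login):
    """Assumed variant: find the user's DN by subtree search, then match on it.
    Fails closed when the login is missing or exists in more than one branch."""
    dns = search(USER_BASE, "uid", login, subtree=True)
    return roles_for_member(dns[0]) if len(dns) == 1 else []

if __name__ == "__main__":
    print(search(USER_BASE, "uid", "bob", subtree=True))
    print(roles_from_template("bob", "uid=%u," + USER_BASE))
    print(roles_from_resolved_dn("bob"))
```

The user search finds bob in either layout once subtree is on; only the role lookup depends on the branch, because group membership is stored as a full DN.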