Thanks for the update Christian. Sorry, I wasn't able to get back to you earlier (busy with a customer).

Good to know and thanks again for sharing.

Regards
JB

On 07/12/2016 05:23 PM, Christian wrote:
Looks like my property-based login configuration is not really usable to
reproduce my issue. I found a specific Active Directory solution which fits
my requirements.

I added a matching rule in the LDAP login module configuration. It looks
like this:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

    <!-- rank="1" makes this "karaf" realm take precedence over Karaf's default one.
         role.filter uses AD's LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941),
         so the server returns groups that contain %fqdn directly or through nested groups.
         connection.protocol is left empty, i.e. plain LDAP on 389, not LDAPS. -->
    <jaas:config name="karaf" rank="1">
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                     flags="required">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connection.username=***
            connection.password=***
            connection.protocol=
            connection.url=ldap://***:389
            user.base.dn=OU=NeastedGroupsTest,DC=test,DC=***,DC=***
            user.filter=(sAMAccountName=%u)
            user.search.subtree=true
            role.base.dn=OU=NeastedGroupsTest,DC=test,DC=***,DC=***
            role.name.attribute=cn
            role.filter=(member:1.2.840.113556.1.4.1941:=%fqdn)
            role.search.subtree=true
            role.mapping=neastedGroupAdmin=admin;neastedGroupManager=manager;neastedGroupViewer=viewer
        </jaas:module>
    </jaas:config>
</blueprint>

The magic is done by the member filter with the ":1.2.840.113556.1.4.1941:";
then it works with nested groups.

With best regards
Christian



--
View this message in context: 
http://karaf.922171.n3.nabble.com/Karaf-4-0-3-ACL-group-in-group-not-working-tp4047197p4047206.html
Sent from the Karaf - User mailing list archive at Nabble.com.


--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
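What the `:1.2.840.113556.1.4.1941:` matching rule in Christian's role.filter actually buys, as an added example that is not part of the thread or of Karaf's own code: a small Python model of the server-side evaluation Active Directory performs for `(member:1.2.840.113556.1.4.1941:=%fqdn)` (transitive, cycle-safe walk up the `member` links) next to the plain `(member=%fqdn)` filter, followed by the `role.name.attribute=cn` and `role.mapping` steps from the config. Karaf substitutes the authenticated user's full DN for `%fqdn`. The directory entries, DNs, user names and group cycle below are constructed sample data; the assumption that only groups listed in `role.mapping` become Karaf roles is a simplification of the login module, not a verified reading of its source.

```python
"""
Model of AD's LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) as used
by the Karaf LDAPLoginModule role.filter, versus a plain member= filter.
All directory data here is constructed; nothing talks to a real LDAP server.
"""
from collections import deque

BASE = "OU=NeastedGroupsTest,DC=test,DC=example,DC=com"  # constructed base DN


def dn(cn):
    """Build a DN under the constructed base from a CN."""
    return f"CN={cn},{BASE}"


# Constructed sample directory: group DN -> member DNs (users or other groups).
SAMPLE_GROUPS = {
    dn("neastedGroupAdmin"):   [dn("ops-team")],   # alice is two levels below
    dn("ops-team"):            [dn("oncall")],
    dn("oncall"):              [dn("alice")],
    dn("neastedGroupViewer"):  [dn("alice")],      # direct membership
    dn("neastedGroupManager"): [dn("bob")],
    dn("loop-a"):              [dn("loop-b")],     # AD permits membership cycles
    dn("loop-b"):              [dn("loop-a"), dn("bob")],
}


def cn_of(entry_dn):
    """role.name.attribute=cn: the value of the leading CN RDN."""
    first_rdn = entry_dn.split(",", 1)[0]
    return first_rdn.split("=", 1)[1]


def direct_groups(groups, user_dn):
    """Plain (member=%fqdn): only groups that list the DN directly."""
    return {g for g, members in groups.items() if user_dn in members}


def chain_groups(groups, user_dn):
    """
    (member:1.2.840.113556.1.4.1941:=%fqdn): every group reachable from the DN
    by following 'member' links upward, i.e. the transitive closure.
    The visited set keeps the walk finite when groups form a cycle.
    """
    found = set()
    queue = deque([user_dn])
    while queue:
        current = queue.popleft()
        for parent in direct_groups(groups, current):
            if parent not in found:
                found.add(parent)
                queue.append(parent)
    return found


def parse_role_mapping(spec):
    """Karaf role.mapping syntax: ldapRole=karafRole1,karafRole2;ldapRole2=karafRole3"""
    mapping = {}
    for pair in spec.split(";"):
        pair = pair.strip()
        if pair:
            ldap_role, karaf_roles_csv = pair.split("=", 1)
            mapping[ldap_role.strip()] = [r.strip() for r in karaf_roles_csv.split(",")]
    return mapping


ROLE_MAPPING = parse_role_mapping(
    "neastedGroupAdmin=admin;neastedGroupManager=manager;neastedGroupViewer=viewer")


def karaf_roles(groups, user_dn, role_mapping=ROLE_MAPPING, nested=True):
    """
    Karaf roles a login would end up with under the thread's configuration.
    Assumption (simplification, not taken from Karaf's source): only LDAP
    groups that appear in role.mapping are turned into Karaf roles.
    """
    lookup = chain_groups if nested else direct_groups
    cns = {cn_of(g) for g in lookup(groups, user_dn)}
    return {karaf_role for c in cns for karaf_role in role_mapping.get(c, [])}


if __name__ == "__main__":
    for user in ("alice", "bob"):
        user_dn = dn(user)
        print(user, "direct groups:", sorted(cn_of(g) for g in direct_groups(SAMPLE_GROUPS, user_dn)))
        print(user, "nested groups:", sorted(cn_of(g) for g in chain_groups(SAMPLE_GROUPS, user_dn)))
        print(user, "roles with (member=%fqdn):", sorted(karaf_roles(SAMPLE_GROUPS, user_dn, nested=False)))
        print(user, "roles with the 1941 rule: ", sorted(karaf_roles(SAMPLE_GROUPS, user_dn)))
```

Running it shows why the plain filter failed for group-in-group ACLs: alice reaches neastedGroupAdmin only through ops-team and oncall, so `(member=%fqdn)` yields just `viewer` while the chain rule yields `admin` and `viewer`. The expansion happens inside the directory server, which is why the Karaf change is confined to one filter; the matching rule is Active Directory specific, so the same config will not produce nested roles against OpenLDAP or similar servers.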
