Yeah, we do the same thing. You will need to use a different user (or anon) to make one query to get the user.
The only downside is you end up with 3 queries, 1.) get the user with the system user 2.) login (for authentication using a bind) 3.) get the users roles (if you are using static groups) (with the system user) (granted you should only need to do this once) If you happen to store the password hash in ldap and you are using dynamic groups (groups are stored on your user object, e.g. 'memberOf') you can cut this down to one (assuming you can cache these bits for when you need to authz) Hope this helps, -Brian On Wed, Mar 30, 2011 at 5:36 AM, remast <[email protected]> wrote: > Hi All, > > is it possible to perform an LDAP search query before authenticating a user? > > The search query I need to perform is: "(&(objectclass=user)(uid={0}))". The > start of the search query is something like "dc=my-company,dc=de". This > query should be performed using a special user and login. > > -> Is that possible? > > Thanks, > Jan > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/LDAP-Authentication-with-LDAP-search-query-tp6222489p6222489.html > Sent from the Shiro User mailing list archive at Nabble.com. >
