Anyone have any idea on this one? This not working sorta defeats the purpose of using LDAP as an authorization realm.

On Fri, Dec 21, 2012 at 2:46 PM, John Vines <[email protected]> wrote:

> So I was able to determine that subjectPrincipalName was not being set, so
> adding that actually got the ldap query on line 174 to return something.
> However, memberOf is not part of the result set. So it returns nothing.
> However, I was able to query it successfully using ldp and see the memberOf
> attribute ( http://i.imgur.com/yhN1t.png ). Any thoughts?
>
> On Thu, Dec 20, 2012 at 9:59 PM, Les Hazlewood <[email protected]> wrote:
>
>> Hi John,
>>
>> Here's the part of code that does the ActiveDirectory role lookup:
>>
>> http://shiro.apache.org/static/current/xref/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html#136
>>
>> It uses the 'memberOf' attribute to determine Roles.
>>
>> HTH!
>>
>> --
>> Les Hazlewood | @lhazlewood
>> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>> Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
>>
>> On Thu, Dec 20, 2012 at 4:57 PM, John Vines <[email protected]> wrote:
>> > I will preface this with I am fairly green when it comes to LDAP and AD. The
>> > ActiveDirectoryRealm.hasRole() call, does that work against a Role or a
>> > Group? If the former, is there a way to do checks against Group membership
>> > from SecurityManager? I'm having issues having hasRole work against an AD
>> > instance and I find myself to be a bit stuck due to lack of knowledge of
>> > both AD/LDAP and Shiro's role/permission support.
>> >
>> > Thanks
>> > John
