Please create a ticket - that'd be quite helpful, thanks!
On Tue, Jan 8, 2013 at 12:23 PM, John Vines <[email protected]> wrote:
> PEBCAK, missed the groupRolesMap. Set that and got it working. On a side
> note, adding
> searchCtls.setReturningAttributes(new String[] {"memberOf"});
> to getRoleNamesForUser in ActiveDirectoryRealm (line 164 specifically)
> would be a bit more efficient, as it does the filtering remotely so not
> bringing back excess information and no self filtering necessary (though
> it's a nice sanity check) in the client side. Do you want me to create a
> ticket for this, or do you have it?
>
>
> On Tue, Jan 8, 2013 at 12:57 PM, Les Hazlewood <[email protected]> wrote:
>
>> Hi John,
>>
>> I'm surprised to hear of this since I'm unaware of it failing for others
>> (but maybe others subclass it often and this isn't a problem - who knows).
>> Can you please provide a patch to fix it? We can incorporate a patch asap.
>>
>> Best,
>>
>> --
>> Les Hazlewood | @lhazlewood
>> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>> Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
>>
>>
>> On Mon, Jan 7, 2013 at 9:33 PM, John Vines <[email protected]> wrote:
>>
>>> Anyone have any idea on this one? This not working sorta defeats the
>>> purpose of using LDAP as an authorization realm.
>>>
>>>
>>> On Fri, Dec 21, 2012 at 2:46 PM, John Vines <[email protected]> wrote:
>>>
>>>> So I was able to determine that subjectPrincipalName was not being set,
>>>> so adding that actually got the ldap query on line 174 to return something.
>>>> However, memberOf is not part of the result set. So it returns nothing.
>>>> However, I was able to query it successfully using ldp and see the memberOf
>>>> attribute ( http://i.imgur.com/yhN1t.png ). Any thoughts?
>>>>
>>>>
>>>> On Thu, Dec 20, 2012 at 9:59 PM, Les Hazlewood <[email protected]> wrote:
>>>>
>>>>> Hi John,
>>>>>
>>>>> Here's the part of code that does the ActiveDirectory role lookup:
>>>>>
>>>>>
>>>>> http://shiro.apache.org/static/current/xref/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html#136
>>>>>
>>>>> It uses the 'memberOf' attribute to determine Roles.
>>>>>
>>>>> HTH!
>>>>>
>>>>>
>>>>> On Thu, Dec 20, 2012 at 4:57 PM, John Vines <[email protected]> wrote:
>>>>> > I will preface this with I am fairly green when it comes to LDAP and AD. The
>>>>> > ActiveDirectoryRealm.hasRole() call, does that work against a Role or a
>>>>> > Group? If the former, is there a way to do checks against Group membership
>>>>> > from SecurityManager? I'm having issues having hasRole work against an AD
>>>>> > instance and I find myself to be a bit stuck due to lack of knowledge of
>>>>> > both AD/LDAP and Shiro's role/permission support.
>>>>> >
>>>>> > Thanks
>>>>> > John
>>>>>
>>>>
>>>>
>>>
>>
>
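
The two points from the thread, asking the directory for `memberOf` only and resolving roles through a group-to-role map, shown together as an added example (not Shiro's code and not written by anyone in the thread). The class name, the sample DNs and the comma-separated role values are assumptions, and the entry is constructed so the code runs without a directory server.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class MemberOfRoleLookup {   // hypothetical class name

    // Search controls that make the server return only memberOf,
    // so no other attributes of the user entry cross the wire.
    static SearchControls memberOfOnly() {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {"memberOf"});
        return ctls;
    }

    // Map the group DNs on one entry to role names. A group with no
    // mapping grants nothing, so an empty map yields no roles at all.
    static Set<String> rolesFor(Attributes attrs, Map<String, String> groupRolesMap)
            throws NamingException {
        Set<String> roles = new LinkedHashSet<>();
        Attribute memberOf = attrs.get("memberOf");
        if (memberOf == null) return roles;       // not returned, or no groups
        NamingEnumeration<?> groups = memberOf.getAll();
        while (groups.hasMore()) {
            String mapped = groupRolesMap.get(groups.next().toString());
            if (mapped == null) continue;         // unmapped group: deny by default
            for (String role : mapped.split(",")) roles.add(role.trim());
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry standing in for SearchResult.getAttributes().
        // AD's memberOf lists direct memberships only, not the primary group.
        Attributes entry = new BasicAttributes(true);
        Attribute memberOf = new BasicAttribute("memberOf");
        memberOf.add("CN=App Admins,OU=Groups,DC=example,DC=com");
        memberOf.add("CN=Staff,OU=Groups,DC=example,DC=com");
        entry.put(memberOf);

        Map<String, String> groupRolesMap = new HashMap<>();
        groupRolesMap.put("CN=App Admins,OU=Groups,DC=example,DC=com", "admin,auditor");

        System.out.println(Arrays.toString(memberOfOnly().getReturningAttributes()));
        System.out.println(rolesFor(entry, groupRolesMap));
    }
}
```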