The
org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm#getRoleNamesForUser
uses the following ldap query to search for groups:
String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";
I have seen instances where the userPrincipalName is not always populated
but the sAMAccountName is.
Can we expose this search filter with a getter/setter so that it defaults to
the above but can be configurable via the shiro.ini?
This would allow us to use the default Realm all the time but just modify
the ini file slightly for clients that have an unusual configuration.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Can-We-Expose-The-ActiveDirectoryRealm-searchFilter-tp7581290.html
Sent from the Shiro User mailing list archive at Nabble.com.
