Hi Bill,
Bill Keirskie wrote:
I have a web application that I am trying to authenticate to ApacheDS. The web application can authenticate the
user against ApacheDS, but cannot obtain a list of groups the user belohas membership to. Upon login, the web
application syncs the user's groups with it's internal database for role based permissions based on the LDAP
groups. That way, user and group membership is managed at the LDAP server and not by the application. The web
application has a configuration of <attribute mode='memberOf'
name='ou=WebAppUserAccounts,dc=example,dc=net'/>. I can change the memberOf to whatever objectclass it needs to
be, but so far, nothing has worked. I've tried "isMemberOf", "member"
"uniqueMember", and a few others. I can make this work against Active Directory, but I would like to use
ApacheDS for this particular project.
I am still not quite sure what you are exactly doing. The ApacheDS side
seems to be clear (although version number, OS etc. would be nice), but
what type of web application server are you using? Is it a Java EE web
application created by you (or 3rd party?) deployed on a Java EE
compliant server (which one)? The configuration line
<attribute mode='memberOf' name='ou=WebAppUserAccounts,dc=example,dc=net'/>
seems to be application specific. I assume, the memberOf mode leeds to
reading the values of the memberOf attribute of a user entry, but this
is just an assumption ...
Greetings from Hamburg,
StefanZ
