
  • LDAP indirect lookup

    Hello,

    Question: Can I do a reverse lookup on a user's role?

    This is what I am basically using:
    spring-ldap-1.3.0.RELEASE-all.jar
    spring-security-core-2.0.4.jar

    Explanation:
    I have nodes (ou) Users, Groups and Roles (all same Level)
    Users are members in Groups and these Groups are allocated to Roles.

    Example:
    user XY is in group RED
    Group RED is in Roles ABC
    Essentially the look up result should show that XY has the ROLES ABC. (or RED + ABC)

    That means I need to get the GROUP the USER is in and then do another lookup to get the ROLE the GROUP is in, to retrieve all authorities.

    Currently I am using this, which returns the groups of a user.

    HTML Code:
    <!-- ======================== LDAP ======================= -->
    	<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
    		<constructor-arg value="ldap://SRVADDRESS:PORT"/>
    		<property name="managerDn"><value>CN=UsersGroup, OU=USERS,DC=ad,DC=company,DC=de</value></property>
    		<property name="managerPassword"><value>pw$1</value></property>
    		<property name="extraEnvVars"><map><entry key="java.naming.referral" value="follow"/></map></property>
    	</bean>    
    	<!-- For LDAP authentication -->
    	<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    		<constructor-arg>
    			<bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
    				<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
    				<property name="userSearch" ref="userSearch"/>
    			</bean>
    		</constructor-arg>
    		<!-- Mapping User Roles --> 
    		<constructor-arg>
    			<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
    				<constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg>
    				<constructor-arg index="1"><value>OU=Rights,OU=Groups,DC=ad,DC=company,DC=de</value></constructor-arg>
    				<property name="groupRoleAttribute"><value>cn</value></property>
    				<property name="searchSubtree"><value>false</value></property>
    				<property name="convertToUpperCase"><value>true</value></property>
    				<property name="rolePrefix"><value>AD_</value></property> 
    			</bean>
    		</constructor-arg>
    	</bean> 
    	<!-- For LDAP authentication. This bean is not used by default -->
    	<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    		<constructor-arg index="0"><value>OU=USERS,DC=ad,DC=company,DC=de</value></constructor-arg>
    		<constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
    		<constructor-arg index="2"><ref local="initialDirContextFactory" /></constructor-arg>            
    		<property name="searchSubtree"><value>true</value></property>
    	</bean>


    Thanks in advance!!
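
The two-step resolution described in the post (user to group, then group to role), as an added example that is not part of the original post and is not Spring Security code. It generalizes to any nesting depth, with a cycle guard and a depth limit; the class `NestedRoleResolver`, the in-memory map standing in for an LDAP `(member=<dn>)` search, and all DNs are assumptions constructed for illustration.

```java
import java.util.*;

// Added example, not Spring Security code. The map stands in for an LDAP search
// "(member=<dn>)"; every DN below is constructed sample data.
public class NestedRoleResolver {
    private final Map<String, List<String>> memberOf; // lower-cased member DN -> parent DNs
    private final String rolePrefix;
    private final int maxDepth;

    public NestedRoleResolver(Map<String, List<String>> memberOf, String rolePrefix, int maxDepth) {
        this.memberOf = memberOf;
        this.rolePrefix = rolePrefix;
        this.maxDepth = maxDepth;
    }

    // Breadth-first walk: user -> groups -> roles. The visited set stops
    // membership cycles; maxDepth bounds the number of lookup rounds.
    public Set<String> resolve(String userDn) {
        Set<String> authorities = new TreeSet<String>();
        Set<String> visited = new HashSet<String>();
        List<String> frontier = Collections.singletonList(userDn);
        for (int depth = 0; depth < maxDepth && !frontier.isEmpty(); depth++) {
            List<String> next = new ArrayList<String>();
            for (String dn : frontier) {
                List<String> parents = memberOf.get(dn.toLowerCase(Locale.ROOT));
                if (parents == null) continue;
                for (String parent : parents) {
                    if (!visited.add(parent.toLowerCase(Locale.ROOT))) continue; // already seen
                    authorities.add(rolePrefix + cn(parent).toUpperCase(Locale.ROOT));
                    next.add(parent);
                }
            }
            frontier = next;
        }
        return authorities;
    }

    // Value of the leading RDN (simplified: assumes no escaped comma in it).
    private static String cn(String dn) {
        String rdn = dn.split(",", 2)[0];
        return rdn.substring(rdn.indexOf('=') + 1).trim();
    }

    public static void main(String[] args) {
        Map<String, List<String>> dir = new HashMap<String, List<String>>();
        dir.put("cn=xy,ou=users,dc=example,dc=test", Arrays.asList("CN=RED,OU=Groups,DC=example,DC=test"));
        dir.put("cn=red,ou=groups,dc=example,dc=test", Arrays.asList("CN=ABC,OU=Roles,DC=example,DC=test"));
        dir.put("cn=abc,ou=roles,dc=example,dc=test", Arrays.asList("CN=RED,OU=Groups,DC=example,DC=test")); // cycle
        System.out.println(new NestedRoleResolver(dir, "AD_", 5).resolve("CN=XY,OU=Users,DC=example,DC=test"));
    }
}
```

The role names are built the same way the posted configuration builds them (`cn` value, upper-cased, `AD_` prefix), so user XY ends up with both the group RED and the role ABC as authorities.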