How to get base DN for LDAP search
This topic is closed

  • How to get base DN for LDAP search

    Hi All,

    Normally Acegi Security will return authorities with the cn name, such as cn=admin.

    How can I get the whole DN for the role?
    for example

    cn=admin,ou=test,ou=com,ou=apple


    Best regards,

    Lucas Lu

  • #2
    It seems I need to describe it clearly.
    1> given base group search dn
    ou=application,ou=com,ou=apple

    2> There are two submodules under application
    2.1 ou=sms,ou=application,ou=com,ou=apple
    with role cn=user (uid=james)
    2.2 ou=mobile,ou=application,ou=com,ou=apple
    it also with role cn=user (uid=john)

    Now when using Acegi Security, it will get roles with ROLE_USER.
    But I need to know ROLE_USER is from module sms or mobile.

    How can I implement it???
    Because it's impossible to change the existing LDAP structure, if I cannot find a solution to this issue, it seems I will give up Acegi Security.



    Please help!!!!



    • #3
      It seems you are effectively talking about separate roles, depending on what part of the tree they are stored under, so you will have to customize the role population. You could possibly do this by writing an LdapAuthoritiesPopulator implementation which delegated to two instances of DefaultLdapAuthoritiesPopulator - one using your "cn=sms" entry as its search base and one using "cn=mobile". Set the rolePrefix properties to be ROLE_SMS and ROLE_MOBILE respectively. Then you will have ROLE_SMS_USER and ROLE_MOBILE_USER available in your app and can configure it to use them as you wish.
      Last edited by Luke Taylor; Nov 19th, 2006, 04:49 PM.



      • #4
        Thanks Luke.
        I am thinking of customizing the role population.
        The following is the solution I thought of according to your suggestion.
        1> Define property for sms and mobile search base
        2> Define rolePrefix for sms module and mobile module
        3> Update method
        GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails);
        And try to get roles for both group search bases and rolePrefixes. I think it's
        reasonable to implement it.

        Is it the same as what you just said: "You could possibly do this by writing an LdapAuthoritiesPopulator implementation which delegated to two instances of DefaultLdapAuthoritiesPopulator"?

        Thanks, I don't want to give Acegi Security up.

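The delegating populator discussed in posts #3 and #4, as an added example that is not code from any poster or from the Acegi project. The class name `ModuleLdapAuthoritiesPopulator` and the helper `forSmsAndMobile` are hypothetical, the package names assume the Acegi Security 1.0.x layout, and the search bases assume the context factory's root DN is `ou=application,ou=com,ou=apple`. The prefixes carry a trailing underscore because `DefaultLdapAuthoritiesPopulator` concatenates the prefix directly with the upper-cased group name.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;

/** Hypothetical class: merges the roles found by one delegate populator per module subtree. */
public class ModuleLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    private final LdapAuthoritiesPopulator[] delegates;

    public ModuleLdapAuthoritiesPopulator(LdapAuthoritiesPopulator[] delegates) {
        if (delegates == null || delegates.length == 0) {
            throw new IllegalArgumentException("at least one delegate is required");
        }
        this.delegates = delegates.clone();
    }

    /** Wiring for the two subtrees from the thread (bases relative to the assumed root DN). */
    public static ModuleLdapAuthoritiesPopulator forSmsAndMobile(InitialDirContextFactory ctx) {
        return new ModuleLdapAuthoritiesPopulator(new LdapAuthoritiesPopulator[] {
            module(ctx, "ou=sms", "ROLE_SMS_"),
            module(ctx, "ou=mobile", "ROLE_MOBILE_") });
    }

    private static LdapAuthoritiesPopulator module(InitialDirContextFactory ctx,
                                                   String groupSearchBase, String rolePrefix) {
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(ctx, groupSearchBase);
        populator.setRolePrefix(rolePrefix); // cn=user under ou=sms becomes ROLE_SMS_USER
        return populator;
    }

    public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) {
        // Insertion-ordered set: keeps module order and drops duplicate authorities.
        Set<GrantedAuthority> merged = new LinkedHashSet<GrantedAuthority>();
        for (LdapAuthoritiesPopulator delegate : delegates) {
            GrantedAuthority[] found = delegate.getGrantedAuthorities(userDetails);
            if (found == null) {
                continue; // no group under this subtree lists the user
            }
            for (GrantedAuthority authority : found) {
                merged.add(authority);
            }
        }
        return merged.toArray(new GrantedAuthority[merged.size()]);
    }
}
```

Access rules can then name `ROLE_SMS_USER` and `ROLE_MOBILE_USER` separately, so membership in one module's `cn=user` group grants nothing in the other module.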