-
1. Re: LDAP UserGroupCallback with bind credentials
swiderski.maciej Jan 22, 2013 10:52 AM (in response to asha.maha)
This is certainly a bug. Could you please file a Jira for this? If you would like to contribute, you could submit a patch via a pull request.
Thanks for bringing this up!
Cheers
-
2. Re: LDAP UserGroupCallback with bind credentials
phan Jan 31, 2013 9:23 PM (in response to asha.maha)
Have you tried using 'java.naming.security.principal' and 'java.naming.security.credentials' in your properties file? They worked for me (thank you for the hints).
Also, what is the correct configuration to get just the CN for a user's groups (e.g. just 'user', or 'admin') into the task.OrganizationalEntity table? Below is a section of my current configuration, which results in inserting the entire string 'CN=admin,CN=Users,DC=...' as the 'Group' id. Thanks in advance.
-------------
# Filter that will be used to search for user information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.user.filter=(sAMAccountName\={0})
# Attribute name of the user id in Active Directory
ldap.user.attr.id=sAMAccountName
# Filter that will be used to search for group/role information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.role.filter=(sAMAccountName\={0})
# Filter that will be used to search for user group/role membership information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.user.roles.filter=(sAMAccountName\={0})
# Attribute name of the group/role id in Active Directory
# (optional, if not given 'cn' will be used)
ldap.roles.attr.id=memberOf
# User id a DN, instructs the callback to query for user DN
# before searching for roles (optional, default false)
ldap.user.id.dn=true
-------------------
Found the answer on my own (due to my AD setup: both users and groups are under CN=Users, login user id is not DN):
# Filter that will be used to search for user group/role membership information,
# usually will contain substitution keys {0} to be replaced with parameters
# (mandatory)
ldap.user.roles.filter=(&(objectclass\=group)(sAMAccountName\={0}))
# Attribute name of the group/role id in Active Directory
# (optional, if not given 'cn' will be used)
ldap.roles.attr.id=cn
# User id a DN, instructs the callback to query for user DN
# before searching for roles (optional, default false)
ldap.user.id.dn=false
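
The first configuration stored 'CN=admin,CN=Users,DC=...' because memberOf holds the full DN of each group, while cn on the group entry is the short name. As an added example (not code from this thread or from jBPM), this is how a memberOf value can be reduced to its CN in Java when the attribute cannot be switched; the class name, method name and example.com DNs are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class GroupCnExample {

    /**
     * Returns the CN of the leaf RDN of a group DN, or null when the DN is
     * empty or its leaf RDN is not a CN. Throws InvalidNameException when
     * the string is not a syntactically valid DN.
     */
    static String leafCn(String groupDn) throws InvalidNameException {
        LdapName name = new LdapName(groupDn);
        if (name.isEmpty()) {
            return null;
        }
        // LdapName indexes RDNs from right to left, so the leaf
        // (leftmost, most specific) RDN is the last one.
        Rdn leaf = name.getRdn(name.size() - 1);
        if (!"cn".equalsIgnoreCase(leaf.getType())) {
            return null;
        }
        // getValue() returns the unescaped value, so an escaped comma in a
        // group name is kept. Splitting the DN on ',' would cut it in two.
        return leaf.getValue().toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample memberOf values (not from a real directory).
        String[] memberOf = {
            "CN=admin,CN=Users,DC=example,DC=com",
            "CN=Ops\\, EMEA,CN=Users,DC=example,DC=com",
            "OU=Staff,DC=example,DC=com"
        };
        for (String dn : memberOf) {
            System.out.println(dn + " -> " + leafCn(dn));
        }
    }
}
```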