  1. WildFly Elytron
  2. ELY-1668

LDAP searchScope=OBJECT_SCOPE Elytron alternative

Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • 1.6.1.Final
    • Realms
    • None

    Description

      While comparing PicketBox and Elytron we came to one scenario which I am not sure is covered by Elytron.

      "As a user I am able to authenticate and authorize into web application secured by LDAP (where the same is used for storing identities and roles) and roles are stored in tree structure and should be only referenced object." The author is Ondra Lukas, who is not with us anymore, so I tried to think about what this could be about. Based on context I came to the conclusion that this is about the OBJECT_SCOPE value of the searchScope property.

      Could you review whether the same is possible with Elytron? Anyway, I am not sure how that feature can be useful. But maybe there is some corner case where it can be useful that I am not aware of.

      dn: ou=People,${dnSuffix}
      objectclass: top
      objectclass: organizationalUnit
      ou: People
      
      dn: uid=jduke,ou=People,${dnSuffix}
      objectclass: top
      objectclass: person
      objectclass: inetOrgPerson
      uid: jduke
      cn: Java Duke
      sn: Duke
      userPassword: Password1
      
      dn: ou=RolesLevel1,${dnSuffix}
      objectclass: top
      objectclass: organizationalUnit
      ou: RolesLevel1
      
      dn: cn=RoleUnderLevel1,ou=RolesLevel1,${dnSuffix}
      objectclass: top
      objectclass: groupOfNames
      cn: RoleUnderLevel1
      member: uid=jduke,ou=People,${dnSuffix}
      description: the RoleUnderLevel1 group
      

      [1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/login_module_reference/
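
      An added illustration, not part of the original issue and not Elytron or PicketBox code: the three search scopes evaluated in memory over the LDIF entries above, showing that OBJECT_SCOPE finds the role only when the search base is the role entry itself. DN_SUFFIX is a constructed stand-in for ${dnSuffix}, the helpers in_scope, search and roles_for are hypothetical, and the filter is simplified to a single attribute equality.

```python
# Added illustration: LDAP search-scope semantics over the issue's LDIF entries.
# DN_SUFFIX is a constructed stand-in for ${dnSuffix}; all helpers are hypothetical.
DN_SUFFIX = "dc=example,dc=org"
JDUKE = f"uid=jduke,ou=People,{DN_SUFFIX}"
ROLES_OU = f"ou=RolesLevel1,{DN_SUFFIX}"
ROLE_DN = f"cn=RoleUnderLevel1,{ROLES_OU}"

# Entries from the LDIF in the description, trimmed to the attributes the search uses.
DIRECTORY = {
    f"ou=People,{DN_SUFFIX}": {"objectclass": ["top", "organizationalUnit"]},
    JDUKE: {"objectclass": ["top", "person", "inetOrgPerson"]},
    ROLES_OU: {"objectclass": ["top", "organizationalUnit"]},
    ROLE_DN: {
        "objectclass": ["top", "groupOfNames"],
        "cn": ["RoleUnderLevel1"],
        "member": [JDUKE],
    },
}

def rdns(dn):
    # Naive split: adequate here because no sample DN contains an escaped comma.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    """True if dn is selected by a search rooted at base with the given scope."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                      # dn is not at or under the base
    depth = len(d) - len(b)
    if scope == "OBJECT_SCOPE":
        return depth == 0                 # only the base entry itself
    if scope == "ONELEVEL_SCOPE":
        return depth == 1                 # immediate children only
    if scope == "SUBTREE_SCOPE":
        return True                       # base entry and all descendants
    raise ValueError(f"unknown scope: {scope}")

def search(base, scope, attr, value):
    """DNs in scope whose attribute attr contains value (case-insensitive)."""
    return sorted(
        dn for dn, attrs in DIRECTORY.items()
        if in_scope(dn, base, scope)
        and value.lower() in (v.lower() for v in attrs.get(attr, []))
    )

def roles_for(user_dn, base, scope):
    """Role names (cn) of in-scope entries that list user_dn as a member."""
    return [DIRECTORY[dn]["cn"][0] for dn in search(base, scope, "member", user_dn)]

if __name__ == "__main__":
    for base in (ROLES_OU, ROLE_DN):
        for scope in ("OBJECT_SCOPE", "ONELEVEL_SCOPE", "SUBTREE_SCOPE"):
            print(f"{scope:15} base={base} -> {roles_for(JDUKE, base, scope)}")
```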

          People

            Unassigned Unassigned
            mchoma@redhat.com Martin Choma