Details
-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
1.6.1.Final
-
None
Description
During comparing PicketBox an Elytron we came to one scenario which I am not sure if is covered by Elytron.
"As a user I am able to authenticate and authorize into web application secured by LDAP (where the same is used for storing identities and roles) and roles are stored in tree structure and should be only referenced object." Author is Ondra Lukas which is not with us anymore so I tried to think about what could this be about? Based on context I came to conclusion this is about OBJECT_SCOPE value of property searchScope.
Could you revise if same is possible with Elytron? But anyway I am not sure how that feature can be useful. But maybe there is some corner case it can be useful I am not aware of.
dn: ou=People,${dnSuffix} objectclass: top objectclass: organizationalUnit ou: People dn: uid=jduke,ou=People,${dnSuffix} objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke cn: Java Duke sn: Duke userPassword: Password1 dn: ou=RolesLevel1,${dnSuffix} objectclass: top objectclass: organizationalUnit ou: RolesLevel1 dn: cn=RoleUnderLevel1,ou=RolesLevel1,${dnSuffix} objectclass: top objectclass: groupOfNames cn: RoleUnderLevel1 member: uid=jduke,ou=People,${dnSuffix} description: the RoleUnderLevel1 group