- Bug
- Resolution: Unresolved
- Critical
- None
- 1.7.0.CR1
- None
Double-check that the Elytron LDAP realm is capable of doing this:
Having LDAP entries like this:

    dn: cn=jduke,ou=Roles,ou=example2,${dnSuffix}
    objectClass: top
    objectClass: organizationalRole
    description: cn=Echo,ou=Roles,ou=example2,${dnSuffix}
    description: cn=TheDuke,ou=Roles,ou=example2,${dnSuffix}
    cn: jduke

The user will have the roles jduke, Echo and TheDuke.
This was possible with Picketbox with this configuration:

    EapSetupTask roleAttributesConfiguration =
        new LdapExtSecurityDomainBuilder(SECURITY_DOMAIN_NAME_PREFIX + DEP2)
            .prepareDefaultForLdapServer(ldapServer)
            .baseCtxDN("ou=People,ou=example2," + ldapServer.getDNSuffix())
            .rolesCtxDN("ou=Roles,ou=example2," + ldapServer.getDNSuffix())
            .referral("ignore")
            .roleFilter("(|(objectClass=referral)(cn={0}))")
            .roleAttributeID("description")
            .roleAttributeIsDN("true")
            .roleNameAttributeID("cn")
            .roleRecursion("0")
            .configure();
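
An added example, not code from the ticket, Picketbox or Elytron: a small oracle that computes the role set the description expects from the LDIF entry, so the roles returned by a migrated realm configuration can be compared against it. Assumptions: `${dnSuffix}` is replaced by the placeholder `dc=example,dc=org`, the function names are hypothetical, and a referenced role's name is taken from the leading `cn` RDN of each DN-valued `description` rather than by looking the referenced entry up in a directory.

```python
# Constructed sample: the ticket's entry with ${dnSuffix} set to a placeholder suffix.
SAMPLE_LDIF = """\
dn: cn=jduke,ou=Roles,ou=example2,dc=example,dc=org
objectClass: top
objectClass: organizationalRole
description: cn=Echo,ou=Roles,ou=example2,dc=example,dc=org
description: cn=TheDuke,ou=Roles,ou=example2,dc=example,dc=org
cn: jduke
"""

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64, no folded lines) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current.strip())
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(current.strip())
    return rdns

def expected_roles(entry, role_attr="description", name_attr="cn"):
    """Roles = the entry's own name attribute plus the name RDN of each referenced DN."""
    # Assumption: the role name is read from the leading RDN, not from a directory lookup.
    roles = set(entry.get(name_attr.lower(), []))
    for ref in entry.get(role_attr.lower(), []):
        rdn_type, _, value = split_dn(ref)[0].partition("=")
        if rdn_type.strip().lower() == name_attr.lower() and value.strip():
            roles.add(value.strip())
    return roles

if __name__ == "__main__":
    print(sorted(expected_roles(parse_ldif_entry(SAMPLE_LDIF))))
```

A mismatch between this set and the roles a realm actually assigns is worth treating as an authorization regression in either direction: missing roles break access, extra roles widen it.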