Details
- Bug
- Resolution: Unresolved
- Critical
- None
- 1.7.0.CR1
- None
Description
Double check that the Elytron LDAP realm is capable of doing this:
Having LDAP entries like this:
dn: cn=jduke,ou=Roles,ou=example2,${dnSuffix}
objectClass: top
objectClass: organizationalRole
description: cn=Echo,ou=Roles,ou=example2,${dnSuffix}
description: cn=TheDuke,ou=Roles,ou=example2,${dnSuffix}
cn: jduke
The user will have the roles jduke, Echo and TheDuke.
This was possible with PicketBox with this configuration:
EapSetupTask roleAttributesConfiguration = new LdapExtSecurityDomainBuilder(SECURITY_DOMAIN_NAME_PREFIX + DEP2)
        .prepareDefaultForLdapServer(ldapServer)
        .baseCtxDN("ou=People,ou=example2," + ldapServer.getDNSuffix())
        .rolesCtxDN("ou=Roles,ou=example2," + ldapServer.getDNSuffix())
        .referral("ignore")
        .roleFilter("(|(objectClass=referral)(cn={0}))")
        .roleAttributeID("description")
        .roleAttributeIsDN("true")
        .roleNameAttributeID("cn")
        .roleRecursion("0")
        .configure();
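The mapping described above, modelled offline as a reference for checking that a migrated realm returns the same role set. This is an added example, not PicketBox or Elytron code. Assumptions: the `dc=example,dc=org` suffix, the Echo, TheDuke and tester entries (objectClass lines trimmed), the helper names, and the rule that the matched entry contributes its own `cn` are constructed to reproduce the roles stated in the issue; DN comparison is case-insensitive and does not handle escaped commas.

```python
# Added illustration of the role mapping in this issue; no LDAP server is contacted.
ROLES = "ou=Roles,ou=example2,dc=example,dc=org"  # constructed stand-in for ${dnSuffix}

# Constructed directory: the issue's role entry, two assumed targets, one dangling reference.
LDIF = f"""\
dn: cn=jduke,{ROLES}
description: cn=Echo,{ROLES}
description: cn=TheDuke,{ROLES}
cn: jduke

dn: cn=Echo,{ROLES}
cn: Echo

dn: cn=TheDuke,{ROLES}
cn: TheDuke

dn: cn=tester,{ROLES}
description: cn=Gone,{ROLES}
cn: tester
"""

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into {normalized dn: {attr: [values]}}."""
    directory = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        directory[norm(attrs["dn"][0])] = attrs
    return directory

def resolve_roles(directory, user, roles_ctx=ROLES, role_attr="description", name_attr="cn"):
    """Return (roles, dangling DNs) for entries under roles_ctx whose cn is user."""
    roles, dangling = [], []
    for dn, attrs in directory.items():
        if not dn.endswith("," + norm(roles_ctx)) or user not in attrs.get(name_attr, []):
            continue
        roles += attrs[name_attr]                 # the matched entry's own name
        for ref in attrs.get(role_attr, []):      # roleAttributeIsDN=true: values are DNs
            target = directory.get(norm(ref))
            if target is None:
                dangling.append(ref)              # never turn an unresolved DN into a role
            else:
                roles += target.get(name_attr, [])
    return roles, dangling
```

Comparing this output with what the realm under test reports for the same user shows whether roles were dropped or added during migration.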