Confluex / Zuul

Keymaster and Gatekeeper - Application Configuration Management
http://confluex.com
Apache License 2.0

ldap.dn.ROLE_* - only one entry? #100

Open grwalrath opened 8 years ago

grwalrath commented 8 years ago

Is it possible to have more than one group entry for the ldap.dn.ROLE_* entries in ldap.properties?

psmith commented 8 years ago

Are you asking if you can map a single role, let's say ROLE_ADMIN, to multiple groups? Do you just have an example of the property entry that looks like what you are trying/wanting to do?

Paul

grwalrath commented 8 years ago

Yes, I'd specifically like to be able to do something like this:

ldap.dn.ROLE_USER=CN=DG_IS_DC_INTEGRATION_DEVELOPER,OU=GROUPS - DELEGATED,OU=COMPANY UNIVAR USA INC,DC=CHEMD,DC=NET;CN=DG_IS_DC_OTHER_GROUP,OU=GROUPS,OU=COMPANY UNIVAR USA INC,DC=CHEMD,DC=NET

psmith commented 8 years ago

Making a group of groups in LDAP may work as written. Then just point ldap.dn.ROLE_USER=To_Your_meta_ldap_group.

Aside from that, I'm not sure of another way to do it other than writing some custom code. This just uses Spring LDAP security for LDAP.
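An added illustration of the "custom code" route mentioned in the last comment (not code from Zuul or from anyone in this thread): a standalone Java class that reads `ldap.dn.ROLE_*` properties whose values hold several group DNs and resolves a user's group memberships to roles. The `;` separator is the syntax proposed in the question, not something Zuul is stated to support; the class name `MultiGroupRoleMapper`, the method `rolesFor` and the sample DNs are hypothetical, and wiring this into Spring Security is not shown.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper, not part of Zuul or Spring Security.
public class MultiGroupRoleMapper {
    private static final String PREFIX = "ldap.dn.";

    // Role name -> set of group DNs that grant it.
    private final Map<String, Set<LdapName>> roleGroups = new LinkedHashMap<>();

    public MultiGroupRoleMapper(Properties props) throws InvalidNameException {
        for (String key : props.stringPropertyNames()) {
            if (!key.startsWith(PREFIX + "ROLE_")) continue;
            Set<LdapName> groups = new HashSet<>();
            // DNs contain commas, so ';' is used to separate entries.
            for (String dn : props.getProperty(key).split(";")) {
                // A malformed DN in the configuration is an error: fail at startup.
                if (!dn.trim().isEmpty()) groups.add(new LdapName(dn.trim()));
            }
            // An empty value leaves the set empty, so the role is granted to nobody.
            roleGroups.put(key.substring(PREFIX.length()), groups);
        }
    }

    // memberOf: the group DNs returned by the directory for the authenticated user.
    public Set<String> rolesFor(Collection<String> memberOf) {
        Set<LdapName> userGroups = new HashSet<>();
        for (String dn : memberOf) {
            try {
                // LdapName compares by parsed RDNs, not by raw string,
                // so differences in letter case do not break the match.
                userGroups.add(new LdapName(dn));
            } catch (InvalidNameException e) {
                // Fail closed: an unparseable DN grants no role.
            }
        }
        Set<String> roles = new TreeSet<>();
        roleGroups.forEach((role, groups) -> {
            if (!Collections.disjoint(groups, userGroups)) roles.add(role);
        });
        return roles;
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties(); // constructed sample configuration
        p.setProperty("ldap.dn.ROLE_USER",
            "CN=GROUP_A,OU=GROUPS,DC=EXAMPLE,DC=NET;CN=GROUP_B,OU=GROUPS,DC=EXAMPLE,DC=NET");
        p.setProperty("ldap.dn.ROLE_ADMIN", "CN=ADMINS,OU=GROUPS,DC=EXAMPLE,DC=NET");
        MultiGroupRoleMapper mapper = new MultiGroupRoleMapper(p);
        System.out.println(mapper.rolesFor(
            Arrays.asList("cn=group_b,ou=groups,dc=example,dc=net")));
    }
}
```

Matching is on exact group DN only, so nested group membership is not resolved here; a user must be a direct member of one of the listed groups.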