The pattern for building the value of Context.SECURITY_PRINCIPAL is defined to be domain\user. This is not generally correct.

The "Context.SECURITY_PRINCIPAL" should be the DN of the user. The definition of the mapping from the username provided on the login screen to the DN should be freely configurable, as the DN can be virtually anything.

Fix: Provide a property "userDNPattern" (maybe like Spring LDAP does via "uid={0},ou=whatiwant", where {0} is replaced by the username from the login screen). Use this inside the class "LdapAuth" instead of the hard-wired "domain\user".

Hint: Newly added properties in config.cfg should have a reasonable default value in the Java code if they are not found in config.cfg! Some container builds grab the latest version from here, but provide their own config file. Otherwise they will fail if values are missing from their config.
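One way the proposed "userDNPattern" property could be applied, as an added example that is not the project's own code and not part of the original report. The class name, the default pattern and the method names are assumptions; only the property name "userDNPattern" and the "{0}" placeholder come from the report. The username is escaped before substitution so that characters such as "," or "=" typed on the login screen cannot alter the structure of the DN.

```java
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.ldap.Rdn;

public class UserDnPatternExample {
    // Assumed default, used when config.cfg carries no userDNPattern entry,
    // so deployments that ship their own config file keep starting up.
    static final String DEFAULT_USER_DN_PATTERN = "uid={0},ou=people,dc=example,dc=org";

    /** Maps the login-screen username to the bind DN using the configured pattern. */
    static String buildPrincipal(Properties config, String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        String pattern = config.getProperty("userDNPattern", DEFAULT_USER_DN_PATTERN);
        if (!pattern.contains("{0}")) {
            throw new IllegalStateException("userDNPattern must contain the {0} placeholder");
        }
        // Rdn.escapeValue escapes DN metacharacters (, = + < > # ; " \) so the
        // username stays inside a single attribute value of the resulting DN.
        return pattern.replace("{0}", Rdn.escapeValue(username));
    }

    /** Builds the JNDI environment for a simple bind as the mapped DN. */
    static Hashtable<String, String> bindEnvironment(Properties config, String ldapUrl,
                                                     String username, String password) {
        // A simple bind with an empty password is processed as an unauthenticated
        // bind by many servers and would "succeed" without checking credentials.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("password must not be empty");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, buildPrincipal(config, username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) {
        Properties configured = new Properties();            // constructed sample config
        configured.setProperty("userDNPattern", "uid={0},ou=whatiwant");
        System.out.println(buildPrincipal(configured, "jdoe"));
        System.out.println(buildPrincipal(configured, "jdoe,ou=admins")); // escaped, stays one RDN value
        System.out.println(buildPrincipal(new Properties(), "jdoe"));     // falls back to the default
    }
}
```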