NCEAS / metacat

Data repository software that helps researchers preserve, share, and discover data
https://knb.ecoinformatics.org/software/metacat
GNU General Public License v2.0

Metacat login mechanism needs to handle the ldap alias account #996

Closed mbjones closed 6 years ago

mbjones commented 6 years ago

Author Name: Jing Tao (Jing Tao)
Original Redmine Issue: 6321, https://projects.ecoinformatics.org/ecoinfo/issues/6321
Original Date: 2013-12-19
Original Assignee: Jing Tao


We are planning to trim the NCEAS LDAP to have one subtree, ou=Account, which has the real users. The other subtrees, such as o=unaffiliated, will be an alias to an entry in ou=Account. The alias entry looks like:

    dn: uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org
    objectClass: alias
    objectClass: extensibleObject
    uid: wu
    aliasedObjectName: uid=tao,ou=Account,dc=ecoinformatics,dc=org

LDAP doesn't provide the dereference mechanism for the bind. It only provides the search dereference:

    ldapsearch -x -a search -h ldap-dev.ecoinformatics.org -b uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org

We need to add code to Metacat AuthLdap to handle the alias login.

mbjones commented 6 years ago

Original Redmine Comment
Author Name: Jing Tao (Jing Tao)
Original Date: 2013-12-24T21:50:44Z


The code was added to handle the alias. But we need to add code to handle get groups as well.

mbjones commented 6 years ago

Original Redmine Comment
Author Name: Jing Tao (Jing Tao)
Original Date: 2014-01-06T23:30:05Z


Add a method named getAliasedDn. This method dereferences the alias to the real object.

This method is applied in the authenticate, getUserInfo and getGroups(String user). I tested it and it worked.
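
The resolve-then-bind approach discussed in this issue, as an added Java/JNDI example (not Metacat's AuthLdap code): the alias entry is read with dereferencing turned off, its aliasedObjectName is followed to the real entry, and the bind is made with that DN. The class name, `MAX_HOPS`, the anonymous read access, the empty-password check and the restriction of alias targets to ou=Account are assumptions made for the illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;

public class AliasAwareBind { // hypothetical class, added illustration only
    // Assumption: real users exist only under ou=Account, as the issue describes.
    static final String ACCOUNT_BASE = "ou=Account,dc=ecoinformatics,dc=org";
    static final int MAX_HOPS = 4; // assumed limit; stops alias loops

    static Hashtable<String, String> env(String url) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Return the alias entry itself rather than silently following it.
        env.put("java.naming.ldap.derefAliases", "never");
        return env;
    }

    /** Follows aliasedObjectName until an entry without that attribute is reached. */
    static String resolveAlias(DirContext ctx, String dn) throws NamingException {
        String current = dn;
        for (int hop = 0; hop <= MAX_HOPS; hop++) {
            Attribute target = ctx.getAttributes(current, new String[] {"aliasedObjectName"})
                                  .get("aliasedObjectName");
            if (target == null) return current; // not an alias: this is the real entry
            current = (String) target.get();
        }
        throw new NamingException("alias chain too long or looping: " + dn);
    }

    /** Returns the real DN after a successful bind; throws NamingException otherwise. */
    static String authenticate(String url, String loginDn, String password) throws NamingException {
        if (password == null || password.isEmpty()) // would be an unauthenticated bind
            throw new NamingException("empty password rejected");
        DirContext anon = new InitialDirContext(env(url)); // assumes anonymous read access
        String realDn;
        try { realDn = resolveAlias(anon, loginDn); } finally { anon.close(); }
        if (!new LdapName(realDn).startsWith(new LdapName(ACCOUNT_BASE)))
            throw new NamingException("alias target outside " + ACCOUNT_BASE + ": " + realDn);
        Hashtable<String, String> bindEnv = env(url);
        bindEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        bindEnv.put(Context.SECURITY_PRINCIPAL, realDn);
        bindEnv.put(Context.SECURITY_CREDENTIALS, password);
        new InitialDirContext(bindEnv).close(); // the bind happens here, as the real entry
        return realDn;
    }
}
```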