search

tusury / vt-middleware

Automatically exported from code.google.com/p/vt-middleware
0 stars 0 forks source link

ldaptive: Include a UPN Search Resolver #224

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Background thread:
https://github.com/Jasig/cas/pull/655

CAS contains an ldaptive extension for resolving search entries by UPN:
https://github.com/Jasig/cas/blob/master/cas-server-support-ldap/src/main/java/o
rg/jasig/cas/authentication/support/UpnSearchEntryResolver.java

It seems like this component might serve others better and CAS if it was 
included in ldaptive. 

I can provide a patch if needed, but porting over the code must be trivial.

Original issue reported on code.google.com by misagh.moayyed on 19 Aug 2014 at 6:47

GoogleCodeExporter commented 8 years ago

Original comment by dfis...@gmail.com on 19 Aug 2014 at 1:10

GoogleCodeExporter commented 8 years ago 
If you would like me to provide a patch, please do let me know.

Original comment by misagh.moayyed on 19 Aug 2014 at 3:27

GoogleCodeExporter commented 8 years ago 
Rather than adding the UpnSearchEntryResolver, I refactored the existing 
SearchEntryResolver so that it can be used for onelevel and subtree searching.
Active directory isn't the only use case for this, so a more generic solution 
seemed in order.

Fixed in r3056.

Original comment by dfis...@gmail.com on 9 Sep 2014 at 8:53

GoogleCodeExporter commented 8 years ago 
Great, thank you. So once the next version is out, 1.0.5? we can deprecate the 
UPN resolver component in CAS, etc.

Original comment by misagh.moayyed on 16 Sep 2014 at 3:27

GoogleCodeExporter commented 8 years ago 
Daniel, question on this issue:

I see that the filter string can now directly be set on the SearchEntryResolver 
and the request can be scoped to SUBTREE. Great!

What I fail to see if the ability to control the filter string based on the 
authentication criteria. I see that the "user" is a named parameter for DN. Is 
there a setting to its value can be configured to not always be the DN but the 
user only?

If my filter is: "userPrincipalName={user}", could I somehow configure the 
resolver to use "ac.getAuthenticationRequest().getUser()" as the value, instead 
of "ac.getDn()" ?

Context:
https://github.com/Jasig/cas/pull/655/files

I am upgrading CAS to ldaptive 1.0.5 and this would make that very smooth.

Original comment by misagh.moayyed on 29 Oct 2014 at 2:59

GoogleCodeExporter commented 8 years ago 
Because otherwise, I am still going to have to subclass the 
SearchEntryResolver. A setting somewhere in the tree that would allow changing 
this value would be great!

Original comment by misagh.moayyed on 29 Oct 2014 at 3:01

GoogleCodeExporter commented 8 years ago 
> I see that the "user" is a named parameter for DN.

Where do you see that?
{user} and {dn} should both be available.
Otherwise it's a bug.

Original comment by dfis...@gmail.com on 29 Oct 2014 at 3:25

GoogleCodeExporter commented 8 years ago 
Just spotted this:

https://code.google.com/p/vt-middleware/source/browse/ldaptive/core/trunk/src/ma
in/java/org/ldaptive/auth/AbstractSearchEntryResolver.java?spec=svn3056&r=3056#3
21

Admittedly, it's pretty hard to follow code on the web so it may have been 
overridden somewhere. I dont see any options or references to 
ac.getAuthenticationRequest().getUser() for the filter value though.

Original comment by misagh.moayyed on 29 Oct 2014 at 5:41

GoogleCodeExporter commented 8 years ago 
That's an older revision:

https://code.google.com/p/vt-middleware/source/diff?spec=svn3087&r=3058&format=s
ide&path=/ldaptive/core/trunk/src/main/java/org/ldaptive/auth/AbstractSearchEntr
yResolver.java&old_path=/ldaptive/core/trunk/src/main/java/org/ldaptive/auth/Abs
tractSearchEntryResolver.java&old=3057

Original comment by dfis...@gmail.com on 29 Oct 2014 at 5:46

GoogleCodeExporter commented 8 years ago 
Ah perfect, thanks!

Original comment by misagh.moayyed on 29 Oct 2014 at 5:48