vt-middleware / ldaptive

A simple, extensible Java API for interacting with LDAP servers

Added a configuration option to the SearchDnResolver to allow returning an attribute in the entry, if present. #192

Closed elmendavies closed 3 years ago

elmendavies commented 3 years ago

Dear all, the proposed configuration parameter and its implementation are to be used in CAS for the following use case. Suppose we have these entries:

Identity entry:

    dn: cn=12345,o=people,dc=example,dc=com
    userPassword: 1234
    attributeA: AAAA
    attributeB: CCCC
    attributeC: CCCC

Mail account entry:

    dn: mail=username1@company.com,o=accounts,dc=example,dc=com
    owner: cn=12345,o=people,dc=example,dc=com
    mail: username@company.com

What we want is to allow the user to use their mail "username1@company.com" and password "1234" as credentials, without the need to copy the userPassword field and keep it synchronized in both the Identity and Mail account entries.

This is a proposal: if you think it is a good approach and would consider it for inclusion in master as is, I will have time to, first, implement the changes in a modified CAS and, then, check them in a local environment.

What do you think about the solution?

Thank you very much in advance!
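Added example, not code from this PR or from ldaptive: a JDK-only sketch of the resolution rule the comment above describes, where the bind DN is taken from an attribute of the found entry if present and from the entry's own DN otherwise. The `Entry` record, the `resolveBindDn` method, its `attributeName` parameter and the `allowedBase` restriction are hypothetical names and assumptions made for this illustration; the entries are constructed from the two shown above.

```java
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class ResolveFromAttributeSketch {
  // Minimal stand-in for a search result entry (hypothetical type, not ldaptive's).
  record Entry(String dn, Map<String, List<String>> attrs) {}

  // Returns the DN to bind as: the value of attributeName when the entry has it,
  // otherwise the entry's own DN. allowedBase is an extra check assumed here.
  static String resolveBindDn(Entry entry, String attributeName, String allowedBase)
      throws InvalidNameException {
    List<String> values = entry.attrs().getOrDefault(attributeName, List.of());
    if (values.isEmpty()) {
      return entry.dn(); // attribute not present: behave like a plain DN search
    }
    if (values.size() > 1) {
      throw new IllegalStateException("Ambiguous " + attributeName + " on " + entry.dn());
    }
    LdapName target = new LdapName(values.get(0)); // rejects values that are not DNs
    if (!target.startsWith(new LdapName(allowedBase))) {
      throw new IllegalStateException("Refusing to bind outside " + allowedBase);
    }
    return target.toString();
  }

  public static void main(String[] args) throws InvalidNameException {
    // Constructed entries modelled on the two shown in the comment above.
    Entry mailAccount = new Entry(
        "mail=username1@company.com,o=accounts,dc=example,dc=com",
        Map.of("owner", List.of("cn=12345,o=people,dc=example,dc=com"),
               "mail", List.of("username@company.com")));
    Entry identity = new Entry(
        "cn=12345,o=people,dc=example,dc=com",
        Map.of("attributeA", List.of("AAAA")));
    String base = "o=people,dc=example,dc=com";

    // Login by mail: the bind goes to the owner's identity entry.
    System.out.println(resolveBindDn(mailAccount, "owner", base));
    // Entry without an owner attribute: the entry DN itself is used.
    System.out.println(resolveBindDn(identity, "owner", base));
  }
}
```

Because the attribute value decides which entry's password is checked, write access to that attribute on the searched entries becomes authentication-relevant and is worth restricting in the directory's ACLs.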

dfish3r commented 3 years ago

Interesting use case. At first I thought this may merit a subclass, but there probably isn't enough here for that. In general +1 on the proposal. I'll likely clean up the implementation a bit and possibly rename resolveDnFromAttribute to resolveFromAttribute.

elmendavies commented 3 years ago

I agree. Changed.

I will check whether these changes are enough to support the use case in CAS (I will implement it to test).

dfish3r commented 3 years ago

Any update on this PR?

elmendavies commented 3 years ago

I have implemented it in CAS in a local branch to test, but I have run into some issues with the build process and have had no time this week to finish. I hope to get time and finish testing in no more than a week. BR, Miguel

elmendavies commented 3 years ago

Hi Daniel,

I have tested and added the PR in CAS to check whether the approach is right in this way.

https://github.com/elmendavies/cas/tree/use-attribute-to-bind
https://github.com/apereo/cas/pull/5112

During the testing I found that the behavior wasn't correct and I have corrected it.

Best regards, Miguel

dfish3r commented 3 years ago

This looks like it's ready to go. If so, please remove WIP from the title and I'll merge. Thanks.

elmendavies commented 3 years ago

Here you are! Thanks