Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when trying to parse first name last name from DN #196

Open
brianbolt opened this issue Oct 29, 2020 · 0 comments
Open

Error when trying to parse first name last name from DN #196

brianbolt opened this issue Oct 29, 2020 · 0 comments
Assignees
@brianbolt

Comments

@brianbolt
Copy link
Contributor

brianbolt commented Oct 29, 2020
edited
Loading

The default user context mapper for LDAP in ldap-authentication-provider does not give direct access to the CN of the user. Instead we rely on putting the CN into the DN of the user. This makes ACAS difficult to work with on many LDAP setups. This change allows the admin to configure the applicationContext-security.xml file to map users using inetOrgPerson which gives direct access to the CN when the object class of the person is inetOrgPerson.

This fix still relies on parsing the CN to get a first and last name but it avoids having to configure LDAP to put the CN into the DN of the user.

To configure this, the admin would:

Add the inetOrgPersonContextMapper bean into their context security file:

  <beans:bean id="postSuccessAuthHandler"
    class="com.labsynch.labseer.service.PostSuccessfulAuthenticationHandler">
  </beans:bean>

  <beans:bean id="inetOrgPersonContextMapper" class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper">
  </beans:bean>

And add the user-context-mapper-ref with value inetOrgPersonContextMapper to their ldap-authentication-provider details:

    <ldap-authentication-provider server-ref="ldapServer"
      user-dn-pattern=""
      user-search-filter="uid={0}"
      group-search-filter="(|(member={0})(cn={0}))"
      user-search-base="{{ user_search_base }}"
      group-search-base="{{ group_search_base }}"
      user-context-mapper-ref="inetOrgPersonContextMapper"
      />
brianbolt added a commit that referenced this issue Oct 29, 2020
@brianbolt
fixes #196 Add error log when unable to parse username from DN. Add i…
c2efeca 
…netOrgPerson user class mapper to get easier access to CN when ldap is using inetOrgPerson
@brianbolt brianbolt self-assigned this Oct 29, 2020
brianbolt added a commit that referenced this issue Oct 29, 2020
@brianbolt
Merge pull request #197 from mcneilco/196-inet-org-person-cn-access
8eac1d5 
fixes #196 Add error log when unable to parse username from DN.  Add …
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brianbolt brianbolt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brianbolt