[Acegisecurity-developer] LDAP groupSearchFilter

Dimas Wed, 17 Oct 2007 05:48:19 -0700

Hi!

I am configuring JasperServer to authenticate users from LDAP and assign
their roles/groups. JasperServer security authentication is based on
AcegiSecurity bean so I try searching help in this list.


Until now the LDAP users can login to JS with their passwords, but their
ldap-grups aren't recognized. The secret is in the "
applicationContext-security.xml" file, and the important bean is:

<bean id="ldapAuthenticationProvider" class="
org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
     <constructor-arg>
       <bean class="
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg><ref
local="initialDirContextFactory"/></constructor-arg>
          <property
name="userDnPatterns"><list><value>uid={0},ou=Users</value></list></property>
       </bean>
     </constructor-arg>
     <constructor-arg>
       <bean class="
org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg index="0"><ref
local="initialDirContextFactory"/></constructor-arg>
          <constructor-arg
index="1"><value>ou=Groups</value></constructor-arg>
          <property name="groupRoleAttribute"><value>cn</value></property>
          <property
name="groupSearchFilter"><value>(&amp;(memberUid={0})(objectclass=radiusprofile))</value></property>
       </bean>
     </constructor-arg>
   </bean>

The last property, "groupSearchFilter" is not working. It seems that the {0}
is not the username logging to the system. If I change it by:

<property
name="groupSearchFilter"><value>(&amp;(memberUid=abcdef)(objectclass=radiusprofile))</value></property>


where 'abcdefj' is a LDAP user. If I log to JS with the user abcdef it can
enter and his LDAP role is assigned. Why {0} is not working and literal
username yes? Some help please?

Thx!

-- 
____________________________________
Dimas Streich i Colomeda
dimas.sc ARROVA gmail.com
http://www.dimas.cat

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] LDAP groupSearchFilter

Reply via email to