Generalize LDAP group processing / LDAP group expansion
-------------------------------------------------------
Key: AMQ-3770
URL: https://issues.apache.org/jira/browse/AMQ-3770
Project: ActiveMQ
Issue Type: Improvement
Components: Broker
Affects Versions: 5.5.1
Reporter: Chris Robison
One of the issues with the way that LDAP integration is implemented in ActiveMQ
is that it is making some serious assumptions based on how the examples are for
Apache Directory. These assumptions prevent other LDAP implementations from
functioning correctly (e.g., Active Directory). I've gone in and replaced all
of the String.split stuff with LdapName. LdapName is Java's implementation of
RFC 2253 for names in LDAP. All current test cases still work, while allowing
other LDAP implementations to work.
I've also implemented group expansion for the LDAPLoginModule. For example,
group A is a member of groups B and C. User X is a member of group A, which
should mean user X is also a member of groups B and C by virtue of being in
group A. This allows for a hierarchy of roles making role management much
easier in my opinion.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
