[
https://issues.apache.org/jira/browse/GRIFFIN-207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16658594#comment-16658594
]
ASF GitHub Bot commented on GRIFFIN-207:
----------------------------------------
Github user toyboxman commented on a diff in the pull request:
https://github.com/apache/incubator-griffin/pull/441#discussion_r226904191
--- Diff:
service/src/main/java/org/apache/griffin/core/login/ldap/SelfSignedSocketFactory.java
---
@@ -0,0 +1,68 @@
+package org.apache.griffin.core.login.ldap;
--- End diff --
you should add apache license claim here
> LDAP auth is not supporting group filters and non-CN login names
> ----------------------------------------------------------------
>
> Key: GRIFFIN-207
> URL: https://issues.apache.org/jira/browse/GRIFFIN-207
> Project: Griffin (Incubating)
> Issue Type: Bug
> Reporter: Nikolay Sokolov
> Assignee: Nikolay Sokolov
> Priority: Major
>
> Currently LDAP auth performs bind to principal with name
> "${username}${ldap.email}", and searches through user objects
> ldap.searchPattern. Result of search then only used to retrieve fullName of
> the user.
> There are two problems here:
> * login username can not be different than CN, as it is used to perform LDAP
> bind
> * it is not possible to restrict access to specific groups
> Typical approach used in other software products is to use separate bind
> account, which would search through LDAP objects using search pattern, and
> then use found object's DN to perform password check.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
