Patches item #572983, was opened at 2002-06-24 06:41
You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376687&aid=572983&group_id=22866

Category: JBossSX
Group: v3.1
Status: Open
Resolution: None
Priority: 5
Submitted By: Ben Alex (benalex)
Assigned to: Nobody/Anonymous (nobody)
Summary: LdapLoginModule user-specific role cntxt

Initial Comment:
In Application Service Provider (ASP) environments, it is useful to place different customers in different LDAP containers. For example, an ASP may have two customers and need to represent them in LDAP as:

dc=customer1,dc=com
ou=roles,dc=customer1,dc=com
ou=people,dc=customer1,dc=com

dc=customer2,dc=com
ou=roles,dc=customer2,dc=com
ou=people,dc=customer2,dc=com

The attached modification to LdapLoginModule supports different role contexts based on the user being authenticated. It does this by using a new application-policy configuration property called "userOverrideRolesCtxDN" that specifies an attribute that may exist in an authenticated LDAP user object. If found, this attribute defines a new "rolesCtxDN" for looking up that user's roles. Put differently, any LDAP user object can "point" to a specific LDAP location to collect their roles.

The LDAP server configuration must ensure unauthorised users cannot edit their user object to "point" to a new container where they have editing privileges and grant themselves new roles.

The change is fully backward compatible. If the "userOverrideRolesCtxDN" is not defined in the application-policy, the new functionality is ignored.

I have tested this change with my own schema, OpenLDAP and the latest JBoss CVS snapshot.

Feedback welcome.

Ben Alex
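
A defence-in-depth check that a login module could apply to the value read from the attribute named by "userOverrideRolesCtxDN", given here as an added example that is not part of the submitted patch or of JBoss: the override is accepted only when it lies at or below the same customer base as the authenticated user's DN. The class and method names are hypothetical, the DNs are constructed samples, and the code assumes user entries sit two levels below the customer base (uid under ou=people), as in the layout described in the message.

```java
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

// Hypothetical helper, not part of LdapLoginModule or the patch.
public class RolesCtxOverrideCheck {

    /**
     * Customer base of a user entry, assuming uid=<user>,ou=people,<customer base>.
     * Returns null when the DN is too short to contain a base.
     */
    static Name customerBase(LdapName userDn) {
        // LdapName indexes RDNs right to left, so getPrefix(n) keeps the n rightmost RDNs.
        int keep = userDn.size() - 2;
        return keep > 0 ? userDn.getPrefix(keep) : null;
    }

    /** True only if the override parses as a DN and lies at or below the user's customer base. */
    static boolean overrideAllowed(String userDn, String overrideDn) {
        if (userDn == null || overrideDn == null) {
            return false;
        }
        try {
            Name base = customerBase(new LdapName(userDn));
            // startsWith compares whole RDNs (case-insensitively), so a value such as
            // "dc=customer1x,dc=com" cannot pass as a match for "dc=customer1,dc=com".
            return base != null && new LdapName(overrideDn).startsWith(base);
        } catch (InvalidNameException e) {
            return false; // malformed DN: caller keeps the configured rolesCtxDN
        }
    }

    public static void main(String[] args) {
        String user = "uid=alice,ou=people,dc=customer1,dc=com"; // constructed sample
        String[] overrides = {                                   // constructed samples
            "ou=roles,dc=customer1,dc=com",  // same customer
            "OU=Roles,DC=Customer1,DC=com",  // same customer, different case
            "ou=roles,dc=customer2,dc=com",  // another customer's container
            "ou=roles,dc=customer1x,dc=com", // look-alike base
            "not a dn"                       // unparseable value
        };
        for (String o : overrides) {
            System.out.println(o + " -> " + (overrideAllowed(user, o) ? "accept" : "reject"));
        }
    }
}
```

This check complements the LDAP server's access controls on the user object and does not replace them.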