Hi Chuck,

First, welcome to the Shiro community - we're happy to have you participate!

There is nothing wrong with requesting feature enhancements/updates and contributing fixes and fostering related discussion. In fact, we hope that the community does this on a regular basis for any of the Shiro components. This is a community-driven project, so we rely on folks like you to help things become better. So thanks!

As for this particular issue, could you please open a Jira issue to capture the code and configuration documentation?

https://issues.apache.org/jira/browse/SHIRO

All project features/work are managed via Jira, so unless it is reported there, it will be lost.

We look forward to your submission!

Cheers,

--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

On Wed, Mar 7, 2012 at 11:05 AM, Charles Syperski <[email protected]> wrote:
> Hello,
>
> I am new to this list and Shiro, I have only been testing it for two days,
> so please be gentle.
>
> I have found the JndiLdapRealm to be VERY limiting, especially since it only
> allows a single OU due to the use of 'userDnTemplate'. I have extended the
> JndiLdapRealm class to allow for sub-tree searches with a base OU as well as
> customized search filters. I wanted to post it to this list for two
> reasons, the first is to make sure I am not doing something stupid with the
> framework since I am pretty new to it. I also wanted to share it with
> anyone else that might be having issues with the current LDAP
> implementation.
>
> Here is the source:
>
> http://bit.ly/yJGoyL
>
> Your shiro.ini would change as follows:
>
> ldapRealm = [yourpackagename].CWSJndiLdapRealm
> #ldapRealm.userDnTemplate = cn={0},ou=test,o=test # No longer needed!
> ldapRealm.searchBase = o=dist88 # NEW - The search root
> ldapRealm.searchFilter = (cn={0}) # NEW - any valid searchFilter like (&(objectCategory=person)(objectClass=user)(uid={0}))
> ldapRealm.contextFactory.url = ldap://X.X.X.X:389
> ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5
> ldapRealm.contextFactory.systemUsername = cn=someuser,o=test
> ldapRealm.contextFactory.systemPassword = somepassword
>
> If multiple objects match the searchFilter, then it will cycle through all
> of them and attempt to authenticate.
>
> Since I am new, if I am doing this all wrong, or if there is a better way,
> please let me know.
>
> Thanks,
> Chuck
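
The searchFilter setting in the quoted message substitutes the login name for {0}. The following added Java example (not Chuck's linked source and not Shiro's own code) shows that substitution with RFC 4515 value escaping, so a login name containing filter metacharacters stays a literal value and cannot widen the set of entries the realm would cycle through. The class and method names are hypothetical and the login names are constructed.

```java
import java.util.List;

public class LdapFilterTemplate {

    // RFC 4515 section 3: these five characters must be written as a
    // backslash followed by two hex digits when they occur inside a value.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical helper: fill the {0} placeholder of a searchFilter
    // template with the escaped login name.
    static String buildFilter(String template, String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        return template.replace("{0}", escapeFilterValue(username));
    }

    public static void main(String[] args) {
        // The two filter templates shown in the message.
        List<String> templates = List.of(
            "(cn={0})",
            "(&(objectCategory=person)(objectClass=user)(uid={0}))");
        // Constructed login names: one ordinary, two carrying filter syntax.
        List<String> names = List.of("jdoe", "*", "jdoe)(uid=*");
        for (String t : templates) {
            for (String n : names) {
                System.out.println(buildFilter(t, n));
            }
        }
    }
}
```

When the search goes through JNDI, the `DirContext.search` overload that takes a `filterExpr` and a `filterArgs` array performs this encoding for `{0}`-style arguments, so the login name can be passed as an argument instead of being spliced into the string.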
