Has anyone been able to use the LDAPAuthorizationMap successfully with Active Directory? In my investigation, I don't think it will ever work in its current state. When looking at the code, it is making the assumption that the value of the member attribute (or whatever attribute you are using) is always going to be in the form "{0}={1}" (an RDN). But, according to the OpenLDAP spec, the member attribute value is a distinguished name. That means values are a comma-delimited list of RDNs. So, for example, I have AD groups that represent MQ roles. Here's one I use: "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap considers the name of the role to be "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I would be happy to submit a patch to change this behavior. Thoughts?
Chris Robison
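
The mismatch described in the message above, as an added example that is not part of the original post and is not ActiveMQ code: a role name taken by splitting at the first "=" versus one taken from the leaf RDN of a parsed DN, using the JDK's javax.naming.ldap.LdapName. The class name, both helper methods, and the second sample DN are hypothetical and constructed for illustration; the first DN is the one quoted in the post.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class RoleNameFromDn {

    // Naive extraction: assumes the whole value is one "attr=value" RDN and
    // keeps everything after the first '='. Hypothetical helper that
    // reproduces the result described in the post; not ActiveMQ code.
    static String naiveRole(String memberValue) {
        int eq = memberValue.indexOf('=');
        return eq < 0 ? memberValue : memberValue.substring(eq + 1);
    }

    // DN-aware extraction: parse the value as a distinguished name and return
    // the value of its leaf (left-most) RDN, but only if that RDN uses the
    // expected naming attribute. Assumes a single-valued leaf RDN.
    static String roleFromDn(String memberValue, String roleAttr)
            throws InvalidNameException {
        LdapName dn = new LdapName(memberValue);   // rejects malformed DNs
        if (dn.isEmpty()) {
            throw new InvalidNameException("empty DN");
        }
        // LdapName indexes right to left: index 0 is the right-most RDN.
        Rdn leaf = dn.getRdn(dn.size() - 1);
        if (!leaf.getType().equalsIgnoreCase(roleAttr)) {
            throw new InvalidNameException(
                "leaf RDN is not " + roleAttr + ": " + leaf);
        }
        return String.valueOf(leaf.getValue());    // value is unescaped
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] samples = {
            // Group DN quoted in the post.
            "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp",
            // Constructed sample: escaped comma inside the CN value.
            "CN=MQ\\,Admins,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp",
        };
        for (String dn : samples) {
            System.out.println("member value: " + dn);
            System.out.println("  naive role: " + naiveRole(dn));
            System.out.println("  DN-aware  : " + roleFromDn(dn, "CN"));
        }
    }
}
```

Rejecting a leaf RDN whose attribute type is not the expected one keeps an unexpected entry from being silently mapped to a role name that an authorization entry might match.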