Has anyone been able to use the LDAPAuthorizationMap successfully with
Active Directory? In my investigation, I don't think it will ever work in
its current state. When looking at the code, it is making the assumption
that the value of the member attribute (or whatever attribute you are
using) is always going to be in the form "{0}={1}" (an RDN). But, according
to the OpenLDAP spec, the member attribute value is a distinguished name.
That means values are a comma-delimited list of RDNs. So, for example, I
have AD groups that represent MQ roles. Here's one I use:
"CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap
considers the name of the role
"MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I
would be happy to submit a patch to change this behavior. Thoughts?

Chris Robison
