Modifications to support new SearchDnResolver's resolveFromAttribute parameter #5112
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Miguel Martinez de Espronceda seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
|
Conceptually, no problems. Let's revisit when the ldaptive release is available. |
|
I moved a check in LDAPTIVE to configuration propoerties ("if the cas.authn.ldap[0].resolve-from-attribute is initialized from blank string make it null"): |
|
Merged out of band. Thank you for the contribution! |
mmoayyed
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dear all,
By default, CAS LDAP module in the AUTHENTICATED or ANONYMOUS configuration will search for an entry using the search settings, obtain the entry's DN, authenticate against that DN, and then proceed with attribute resolution.
I have included the code for allowing to use an arbitrary LDAP entry's attribute to use to autenticate against. The solution is to add a resolveFromAttribute in the SearchDnResolver that, when present, will make the resolver to try to autenticate using the DN on the attribute specificated.
I added an example in LDAPTIVE:
vt-middleware/ldaptive#192 (comment)
For the test, I have used a modified version of the mmoayyed/ldap Docker image. The modification is the following:
#ldapmodify ...
dn: cn=PD Managers,ou=Groups,dc=example,dc=org
changetype: modify
add: owner
owner: cn=admin,dc=example,dc=org
In this example, the test defines the new configuration parameter set to:
cas.authn.ldap[0].resolve-from-attribute=owner
The test checks that the user can authenticate using PD Managers as username and admin's credential.
The ldaptive dependency is set to 2.0.2-SNAPSHOT (compiled from PR vt-middleware/ldaptive#192).
WIP, things to do:
Do you see any problem with this implementation?
Best regards,
Miguel