Modifications to support new SearchDnResolver's resolveFromAttribute parameter #5112
Dear all,
By default, the CAS LDAP module in the AUTHENTICATED or ANONYMOUS configuration will search for an entry using the search settings, obtain the entry's DN, authenticate against that DN, and then proceed with attribute resolution.
I have included the code to allow an arbitrary attribute of the LDAP entry to be used to authenticate against. The solution is to add a resolveFromAttribute in the SearchDnResolver that, when present, will make the resolver try to authenticate using the DN in the specified attribute.
I added an example in LDAPTIVE:
vt-middleware/ldaptive#192 (comment)
For the test, I have used a modified version of the mmoayyed/ldap Docker image. The modification is the following:
#ldapmodify ...
dn: cn=PD Managers,ou=Groups,dc=example,dc=org
changetype: modify
add: owner
owner: cn=admin,dc=example,dc=org
In this example, the test defines the new configuration parameter set to:
cas.authn.ldap[0].resolve-from-attribute=owner
The test checks that the user can authenticate using PD Managers as username and admin's credential.
The ldaptive dependency is set to 2.0.2-SNAPSHOT (compiled from PR vt-middleware/ldaptive#192).
WIP, things to do:
Do you see any problem with this implementation?
Best regards,
Miguel
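
The resolution flow described in this pull request, modeled as an added example (not code from the PR, CAS or ldaptive): a constructed in-memory directory stands in for LDAP and `resolveBindDn` is a hypothetical helper. Rejecting an absent, multi-valued, non-DN or out-of-base attribute value is this example's assumption, not behaviour stated in the PR.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Requires Java 16+ (Stream.toList).
public class ResolveFromAttributeDemo {
    // Constructed directory: entry DN -> attributes (mirrors the LDIF in the PR description).
    static final Map<String, Map<String, List<String>>> DIRECTORY = Map.of(
        "cn=PD Managers,ou=Groups,dc=example,dc=org",
            Map.of("cn", List.of("PD Managers"), "owner", List.of("cn=admin,dc=example,dc=org")),
        "cn=admin,dc=example,dc=org",
            Map.of("cn", List.of("admin")));

    // Hypothetical helper: returns the DN to bind as, or empty to reject the login.
    static Optional<String> resolveBindDn(String username, String resolveFromAttribute, String baseDn) {
        List<String> matches = DIRECTORY.entrySet().stream()
            .filter(e -> e.getValue().getOrDefault("cn", List.of()).contains(username))
            .map(Map.Entry::getKey).toList();
        if (matches.size() != 1) return Optional.empty();              // no entry, or ambiguous search
        String entryDn = matches.get(0);
        if (resolveFromAttribute == null) return Optional.of(entryDn); // default: bind as the found entry
        List<String> values = DIRECTORY.get(entryDn).getOrDefault(resolveFromAttribute, List.of());
        if (values.size() != 1) return Optional.empty();               // absent or multi-valued: fail closed (assumption)
        try {
            LdapName dn = new LdapName(values.get(0));
            // The bind DN is now attribute data, so keep it inside the expected base.
            return dn.startsWith(new LdapName(baseDn)) ? Optional.of(values.get(0)) : Optional.empty();
        } catch (InvalidNameException e) {
            return Optional.empty();                                    // attribute value is not a DN
        }
    }

    public static void main(String[] args) {
        String base = "dc=example,dc=org";
        // Default behaviour: the bind DN is the DN of the entry that matched the search.
        System.out.println(resolveBindDn("PD Managers", null, base));
        // With resolve-from-attribute=owner: the bind DN comes from the entry's owner attribute.
        System.out.println(resolveBindDn("PD Managers", "owner", base));
        // Entry without the attribute: rejected in this example.
        System.out.println(resolveBindDn("admin", "owner", base));
        // Attribute value outside the allowed base: rejected.
        System.out.println(resolveBindDn("PD Managers", "owner", "dc=other,dc=org"));
    }
}
```

Because the bind DN is read from directory data, anyone with write access to the configured attribute decides whose credentials authenticate that entry, so the attribute's ACLs belong in the review of this setting.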