Bernhard Thalmayr (Migrated from SEC-2494) said:
Attributes of LDAP entries need not be unique within the Directory Information Tree, only the DN is unique so it would be quite nice to use the whole DN as 'role' name.
following configuration leads to no role mapping ..
<beans:bean id="ldapAuthoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="ldapContextSource"/>
<beans:constructor-arg value=""/>
<beans:property name="groupRoleAttribute" value="dn"/>
<beans:property name="rolePrefix" value=""/>
<beans:property name="searchSubtree" value="true"/>
</beans:bean>
Feb 19 17:30:05 DEBUG [SpringSecurityLdapTemplate] No attribute value found for 'dn'
Feb 19 17:30:05 DEBUG [SpringSecurityLdapTemplate] No attribute value found for 'dn'
Feb 19 17:30:05 DEBUG [DefaultLdapAuthoritiesPopulator] Roles from search: []
Bernhard Thalmayr (Migrated from SEC-2494) said:
Attributes of LDAP entries need not be unique within the Directory Information Tree, only the DN is unique so it would be quite nice to use the whole DN as 'role' name.
following configuration leads to no role mapping ..