[GLASSFISH-3731] LDAPRealm: Selection of group through the DN Created: 05/Oct/07  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: V3
Fix Version/s: not determined

Type: Improvement Priority: Critical
Reporter: granat Assignee: raharsha
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: All
Platform: All

Issuezilla Id: 3,731



In our central LDAP server, a lot of applications are grouped like this:

  • applications
      • app1
          • role1
          • role2
      • app2
          • role1
          • role2

We do not define the roles as being unique in the whole tree to make it easier
for the LDAP administrators to handle them. The users are mapped to the
application roles either directly or through an organisation group (analogous
to applications, but for organisational purposes).

The problem I have is that GlassFish V2 doesn't allow the field definition of
the group to be the DN (which is the only thing different between app1/role1 and
app2/role1) and I can only input the cn (which in this case would be wrong,
giving users permissions they should not have). I think the problem is that
the DN is not something you can get as a field from the LDAP protocol but is a
special method call.
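
The collision described in the report above, shown as an added illustration (not part of the original issue and not GlassFish code): group identity derived from the cn alone merges app1/role1 with app2/role1, while comparing full DNs keeps them apart. The base DN dc=example,dc=com, the ou=applications container, the users alice and bob, and the class and method names are assumptions made up for this sample.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class GroupNameCollision {
    // Constructed sample tree (assumed base DN and users): group DN -> member uids.
    static final Map<String, List<String>> GROUPS = Map.of(
        "cn=role1,cn=app1,ou=applications,dc=example,dc=com", List.of("alice"),
        "cn=role2,cn=app1,ou=applications,dc=example,dc=com", List.of("bob"),
        "cn=role1,cn=app2,ou=applications,dc=example,dc=com", List.of("bob"),
        "cn=role2,cn=app2,ou=applications,dc=example,dc=com", List.of("alice"));

    // Group identity taken from the cn attribute only: the value of the leaf RDN.
    static Set<String> groupsByCn(String uid) throws InvalidNameException {
        Set<String> names = new TreeSet<>();
        for (Map.Entry<String, List<String>> e : GROUPS.entrySet()) {
            if (e.getValue().contains(uid)) {
                LdapName dn = new LdapName(e.getKey());
                // LdapName indexes RDNs right to left, so the leaf is at size() - 1.
                names.add(dn.getRdn(dn.size() - 1).getValue().toString());
            }
        }
        return names;
    }

    // Group identity taken from the full DN; LdapName compares case-insensitively.
    static Set<LdapName> groupsByDn(String uid) throws InvalidNameException {
        Set<LdapName> names = new TreeSet<>();
        for (Map.Entry<String, List<String>> e : GROUPS.entrySet()) {
            if (e.getValue().contains(uid)) {
                names.add(new LdapName(e.getKey()));
            }
        }
        return names;
    }

    public static void main(String[] args) throws InvalidNameException {
        LdapName app1Role1 = new LdapName("CN=role1,CN=app1,OU=applications,DC=example,DC=com");
        // bob is only in app2's role1, but a cn-based check cannot tell the two apart.
        System.out.println("cn match, bob has app1 role1: " + groupsByCn("bob").contains("role1"));
        System.out.println("DN match, bob has app1 role1: " + groupsByDn("bob").contains(app1Role1));
        System.out.println("DN match, alice has app1 role1: " + groupsByDn("alice").contains(app1Role1));
    }
}
```

With a real directory the DN comes from the search result's name (for example `SearchResult.getNameInNamespace()` in JNDI) rather than from an attribute of the entry, so a realm that identifies groups only by an attribute value has no DN to compare.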


Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.
