Thread: How to get base DN for LDAP search

  1. #1
    Join Date
    Nov 2006
    Posts
    14

    How to get base DN for LDAP search

    Hi All,

    Normally Acegi Security will return authorities with the cn name, such as cn=admin.

    How can I get the whole DN for the role?
    for example

    cn=admin,ou=test,ou=com,ou=apple


    Best regards,

    Lucas Lu

  2. #2
    Join Date
    Nov 2006
    Posts
    14

    It seems I need to describe it clearly.
    1> given base group search dn
    ou=application,ou=com,ou=apple

    2> There are two submodules under application
    2.1 ou=sms,ou=application,ou=com,ou=apple
    with role cn=user (uid=james)
    2.2 ou=mobile,ou=application,ou=com,ou=apple
    it also with role cn=user (uid=john)

    Now when using Acegi Security, it will get roles with ROLE_USER.
    But I need to know whether ROLE_USER is from module sms or mobile.

    How can I implement it???
    Because it's impossible to change the existing LDAP structure, if I cannot find a solution to this issue, it seems I will give up Acegi Security.



    Please help!!!!

  3. #3
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    It seems you are effectively talking about separate roles, depending on what part of the tree they are stored under, so you will have to customize the role population. You could possibly do this by writing an LdapAuthoritiesPopulator implementation which delegated to two instances of DefaultLdapAuthoritiesPopulator - one using your "cn=sms" entry as its search base and one using "cn=mobile". Set the rolePrefix properties to be ROLE_SMS and ROLE_MOBILE respectively. Then you will have ROLE_SMS_USER and ROLE_MOBILE_USER available in your app and can configure it to use them as you wish.
    Last edited by Luke Taylor; Nov 19th, 2006 at 03:49 PM.

  4. #4
    Join Date
    Nov 2006
    Posts
    14

    Thanks Luke.
    I am thinking of customizing role population.
    The following is the solution I thought about, according to your suggestion.
    1> Define property for sms and mobile search base
    2> Define rolePrefix for sms module and mobile module
    3> Update method
    GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails);
    and try to get roles for both group search bases and rolePrefixes. I think it's
    reasonable to implement it.

    Is it the same as what you just said: "You could possibly do this by writing an LdapAuthoritiesPopulator implementation which delegated to two instances of DefaultLdapAuthoritiesPopulator"?

    Thanks, I don't want to give acegi security up.
