Bug #3829

closed

Missing/incomplete LDAP group support

Added by Matthew Hall over 11 years ago. Updated about 11 years ago.

Status: Released
Priority: 2
Category: Web - Maintenance

Description

Using LDAP authentication (configuration included below), LDAP users are authenticated but immediately logged out - due to Rudder being unable to read the group membership.

This was discussed on #rudder (see attached conversation).

NB: It was also mentioned during the IRC conversation that the documentation references the wrong version of an LDAP library required for functionality. The corrected version was used in revealing this bug.

    <authentication-manager>
        <authentication-provider ref="ldapAuthenticationProvider"/>
    </authentication-manager>

    <beans:bean id="contextSource" 
     class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="ldap://XX.YY.ZZ.AA:389/dc=BBBB"/>
        <beans:property name="anonymousReadOnly" value="true"/>
    </beans:bean>

    <beans:bean id="ldapAuthenticationProvider" 
     class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:property name="userDnPatterns">
                    <beans:list><beans:value>cn={0},ou=Users</beans:value></beans:list>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <beans:bean
             class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:constructor-arg value="ou=Groups"/>
                <beans:property name="groupRoleAttribute" value="cn"/>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

Files

rudder_irc.txt (10.9 KB): IRC convo on the subject. Matthew Hall, 2013-08-12 18:05

Subtasks: 1 (0 open, 1 closed)

Bug #3949: Update documentation for LDAP integration | Released | Jonathan CLARKE | 2013-09-20
