org.pentaho.platform.engine.security
Class UseridAttributeLdapContextMapper

java.lang.Object
  extended by org.springframework.security.userdetails.ldap.LdapUserDetailsMapper
      extended by org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper
All Implemented Interfaces:
org.springframework.security.userdetails.ldap.UserDetailsContextMapper

public class UseridAttributeLdapContextMapper
extends org.springframework.security.userdetails.ldap.LdapUserDetailsMapper

The purpose of this class is to provide a means of normalizing user ids in case-insensitive LDAP environments. This was successfully tested with MS Active Directory, but should also work with any other directory that is case insensitive. The problem being addressed is well stated in BISERVER-5994. This mapper gets used in place of the default LdapUserDetailsMapper in the applicationContext-spring-security-ldap.xml.

To install this class, you need to do the following:

  1. Modify applicationContext-spring-security-ldap.xml
  2. Locate the bean daoAuthenticationProvider
  3. After the constructor arg bits, add a new property as follows:

       <property name="userDetailsContextMapper">
         <ref local="ldapContextMapper" />
       </property>

  4. Below the close of the definition of the daoAuthenticationProvider bean, create the ldapContextMapper bean as shown - make sure you update the property name to match your environment. The default is samAccountName

       <bean id="ldapContextMapper" class="org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper">
         <property name="ldapUsernameAttribute" value="samAccountName" />
       </bean>
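
The normalization described above, sketched as an added example (it is not Pentaho's source and not part of the original Javadoc): several spellings of one login, all of which a case-insensitive directory would accept, collapse to the single value stored in the configured attribute. It uses only the JDK's javax.naming classes; the helper canonicalUsername, the sample entry and the fall-back to the typed name are assumptions of this example.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import java.util.HashSet;
import java.util.Set;

public class UseridNormalizationDemo {

    // Hypothetical helper: return the login name as stored in the directory entry.
    // Assumption of this example: fall back to the typed name when the configured
    // attribute is missing or blank, so a wrong attribute name does not yield an empty id.
    static String canonicalUsername(Attributes entry, String typed, String usernameAttribute)
            throws NamingException {
        Attribute attr = entry.get(usernameAttribute);
        if (attr == null || attr.size() == 0 || attr.get() == null) {
            return typed;
        }
        String stored = attr.get().toString().trim();
        return stored.isEmpty() ? typed : stored;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry; 'true' makes attribute IDs case-insensitive,
        // so "samAccountName" matches "sAMAccountName".
        Attributes entry = new BasicAttributes(true);
        entry.put("sAMAccountName", "jsmith");
        entry.put("cn", "John Smith");

        // Constructed input: spellings the same account could be typed with at login.
        String[] typedNames = {"jsmith", "JSmith", "JSMITH"};

        Set<String> withoutMapping = new HashSet<>();
        Set<String> withMapping = new HashSet<>();
        for (String typed : typedNames) {
            withoutMapping.add(typed); // what a case-sensitive store would key on
            withMapping.add(canonicalUsername(entry, typed, "samAccountName"));
        }
        System.out.println("distinct ids without mapping: " + withoutMapping);
        System.out.println("distinct ids with mapping:    " + withMapping);
    }
}
```

Anything downstream that compares user names case-sensitively (ownership checks, per-user permissions, audit records) sees one principal with the mapping in place instead of one per spelling.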
    


Constructor Summary
UseridAttributeLdapContextMapper()
           
 
Method Summary
 String getLdapUsernameAttribute()
           
 org.springframework.security.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx, String username, org.springframework.security.GrantedAuthority[] authorities)
           
 void setLdapUsernameAttribute(String value)
          Sets the name of the LDAP attribute to use for the login name after authentication.
 
Methods inherited from class org.springframework.security.userdetails.ldap.LdapUserDetailsMapper
mapUserToContext, setConvertToUpperCase, setPasswordAttributeName, setRoleAttributes, setRolePrefix
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UseridAttributeLdapContextMapper

public UseridAttributeLdapContextMapper()
Method Detail

mapUserFromContext

public org.springframework.security.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx,
                                                                               String username,
                                                                               org.springframework.security.GrantedAuthority[] authorities)
Specified by:
mapUserFromContext in interface org.springframework.security.userdetails.ldap.UserDetailsContextMapper
Overrides:
mapUserFromContext in class org.springframework.security.userdetails.ldap.LdapUserDetailsMapper

setLdapUsernameAttribute

public void setLdapUsernameAttribute(String value)
Sets the name of the LDAP attribute to use for the login name after authentication.

Example - cn

Default value: samAccountName

Set the value as a bean property in the applicationContext-spring-security-ldap.xml

Parameters:
value -

getLdapUsernameAttribute

public String getLdapUsernameAttribute()