org.pentaho.platform.engine.security
Class UseridAttributeLdapContextMapper
java.lang.Object
org.springframework.security.userdetails.ldap.LdapUserDetailsMapper
org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper
- All Implemented Interfaces:
- org.springframework.security.userdetails.ldap.UserDetailsContextMapper
public class UseridAttributeLdapContextMapper
- extends org.springframework.security.userdetails.ldap.LdapUserDetailsMapper
The purpose of this class is to provide a means of normalizing user ids in
case-insensitive LDAP environments. This was successfully tested with
MS Active Directory, but should also work with any other directory
that is case-insensitive. The problem being addressed is well stated
in BISERVER-5994. This mapper is used in place of the default
LdapUserDetailsMapper in applicationContext-spring-security-ldap.xml.

To install this class, you need to do the following:
- Modify applicationContext-spring-security-ldap.xml
- Locate the bean daoAuthenticationProvider
- After the constructor arg bits, add a new property as follows:

    <property name="userDetailsContextMapper">
      <ref local="ldapContextMapper" />
    </property>

- Below the close of the definition of the daoAuthenticationProvider bean, create the ldapContextMapper bean as shown. Make sure you update the ldapUsernameAttribute value to match your environment. The default is samAccountName.

    <bean id="ldapContextMapper" class="org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper">
      <property name="ldapUsernameAttribute" value="samAccountName" />
    </bean>
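
The normalization described above, as an added sketch that is not Pentaho's source for this class: the mapper builds the user from the value the directory stores in the configured attribute instead of the string typed at login. The package, the class name CanonicalUsernameContextMapper and the fallback behaviour are assumptions; it compiles against the Spring Security 2.x and Spring LDAP types named on this page.

```java
package example.security; // hypothetical package, not part of Pentaho

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper;

/**
 * Illustrative mapper (assumed name): takes the login name from the directory
 * entry rather than from whatever casing the user typed.
 */
public class CanonicalUsernameContextMapper extends LdapUserDetailsMapper {

  // Same default the page documents for ldapUsernameAttribute.
  private String ldapUsernameAttribute = "samAccountName";

  @Override
  public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
      GrantedAuthority[] authorities) {
    // A case-insensitive directory resolves "JSMITH", "jsmith" and "JSmith" to the
    // same entry, so the typed string is not a stable key for ACLs or audit records.
    String canonical = ctx.getStringAttribute(ldapUsernameAttribute);

    if (canonical == null || canonical.trim().length() == 0) {
      // Assumed fallback: attribute absent or not readable by the search account,
      // so keep the typed name instead of failing the login.
      return super.mapUserFromContext(ctx, username, authorities);
    }
    // The parent mapper builds the UserDetails; only the username it sees changes.
    return super.mapUserFromContext(ctx, canonical.trim(), authorities);
  }

  public void setLdapUsernameAttribute(String value) {
    if (value == null || value.trim().length() == 0) {
      throw new IllegalArgumentException("ldapUsernameAttribute must not be empty");
    }
    this.ldapUsernameAttribute = value.trim();
  }

  public String getLdapUsernameAttribute() {
    return ldapUsernameAttribute;
  }
}
```
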
Methods inherited from class org.springframework.security.userdetails.ldap.LdapUserDetailsMapper:
mapUserToContext, setConvertToUpperCase, setPasswordAttributeName, setRoleAttributes, setRolePrefix
UseridAttributeLdapContextMapper
public UseridAttributeLdapContextMapper()
mapUserFromContext
public org.springframework.security.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx,
String username,
org.springframework.security.GrantedAuthority[] authorities)
- Specified by: mapUserFromContext in interface org.springframework.security.userdetails.ldap.UserDetailsContextMapper
- Overrides: mapUserFromContext in class org.springframework.security.userdetails.ldap.LdapUserDetailsMapper
setLdapUsernameAttribute
public void setLdapUsernameAttribute(String value)
- Sets the name of the LDAP attribute to use for the login name after authentication.
  Example: cn
  Default value: samAccountName
  Set the value as a bean property in applicationContext-spring-security-ldap.xml.
- Parameters:
value
-
getLdapUsernameAttribute
public String getLdapUsernameAttribute()