Class UseridAttributeLdapContextMapper
- java.lang.Object
  - org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
    - org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper
All Implemented Interfaces: org.springframework.security.ldap.userdetails.UserDetailsContextMapper
public class UseridAttributeLdapContextMapper extends org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
The purpose of this class is to provide a means of normalizing user ids in case-insensitive LDAP environments. This was successfully tested with MS Active Directory, but should also work with any other directory that is case insensitive. The problem being addressed is well stated in BISERVER-5994. This mapper is used in place of the default LdapUserDetailsMapper in applicationContext-spring-security-ldap.xml. To install this class, you need to do the following:
- Modify applicationContext-spring-security-ldap.xml
- Locate the bean daoAuthenticationProvider
- After the constructor arg bits, add a new property as follows:
<property name="userDetailsContextMapper">
  <ref local="ldapContextMapper" />
</property>
- Below the close of the definition of the daoAuthenticationProvider bean, create the ldapContextMapper bean as shown. Make sure you update the property name to match your environment. The default is samAccountName.
<bean id="ldapContextMapper" class="org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper">
  <property name="ldapUsernameAttribute" value="samAccountName" />
</bean>
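A sketch of the normalization described above, added here as an illustration and not Pentaho's source: it assumes the mapper takes the login name from the configured attribute of the authenticated entry instead of from the text typed at login. The class name CanonicalUseridMapperSketch and the sample entry are hypothetical; Spring LDAP and Spring Security LDAP must be on the classpath.

```java
import java.util.Collection;
import java.util.Collections;

import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

// Hypothetical class: illustrates the idea, it is not the Pentaho implementation.
public class CanonicalUseridMapperSketch extends LdapUserDetailsMapper {

    // Same default the page documents for ldapUsernameAttribute.
    private String ldapUsernameAttribute = "samAccountName";

    public void setLdapUsernameAttribute(String value) {
        this.ldapUsernameAttribute = value;
    }

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // A case-insensitive directory matches "JDOE" and "jdoe" to the same entry,
        // so the typed value is not a stable key for per-user content or ACLs.
        // Prefer the value stored in the directory; fall back to the typed name
        // only when the attribute is missing from the entry.
        String stored = ctx.getStringAttribute(ldapUsernameAttribute);
        String principal = (stored == null || stored.isEmpty()) ? username : stored;
        return super.mapUserFromContext(ctx, principal, authorities);
    }

    public static void main(String[] args) {
        // Constructed entry standing in for the result of a real LDAP search.
        DirContextAdapter entry = new DirContextAdapter("cn=Jane Doe,ou=people,dc=example,dc=com");
        entry.setAttributeValue("samAccountName", "jdoe");

        CanonicalUseridMapperSketch mapper = new CanonicalUseridMapperSketch();
        // The same account typed with three casings at the login prompt.
        for (String typed : new String[] {"jdoe", "JDoe", "JDOE"}) {
            UserDetails user = mapper.mapUserFromContext(entry, typed, Collections.emptyList());
            System.out.println(typed + " -> " + user.getUsername());
        }
    }
}
```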
Constructor Summary
- UseridAttributeLdapContextMapper()
Method Summary
- String getLdapUsernameAttribute()
- org.springframework.security.core.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx, String username, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
- void setLdapUsernameAttribute(String value): Sets the name of the LDAP attribute to use for the login name after authentication.
Method Detail
mapUserFromContext
public org.springframework.security.core.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx, String username, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
- Specified by: mapUserFromContext in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
- Overrides: mapUserFromContext in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
setLdapUsernameAttribute
public void setLdapUsernameAttribute(String value)
Sets the name of the LDAP attribute to use for the login name after authentication.
Example - cn
Default value: samAccountName
Set the value as a bean property in applicationContext-spring-security-ldap.xml
- Parameters: value
getLdapUsernameAttribute
public String getLdapUsernameAttribute()