Class UseridAttributeLdapContextMapper

  • All Implemented Interfaces:
    org.springframework.security.ldap.userdetails.UserDetailsContextMapper

    public class UseridAttributeLdapContextMapper
    extends org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
    The purpose of this class is to provide a means of normalizing user ids in case-insensitive LDAP environments. This was successfully tested with MS Active Directory, but should also work with any other directory that is case insensitive. The problem being addressed is well stated in BISERVER-5994. This mapper is used in place of the default LdapUserDetailsMapper in applicationContext-spring-security-ldap.xml.

    To install this class, you need to do the following:
    1. Modify applicationContext-spring-security-ldap.xml
    2. Locate the bean daoAuthenticationProvider
    3. After the constructor arg bits, add a new property as follows:

           <property name="userDetailsContextMapper">
             <ref local="ldapContextMapper" />
           </property>

    4. Below the close of the definition of the daoAuthenticationProvider bean, create the ldapContextMapper bean as shown. Make sure you update the value of the ldapUsernameAttribute property to match your environment. The default is samAccountName.

           <bean id="ldapContextMapper" class="org.pentaho.platform.engine.security.UseridAttributeLdapContextMapper">
             <property name="ldapUsernameAttribute" value="samAccountName" />
           </bean>

    • Constructor Detail

      • UseridAttributeLdapContextMapper

        public UseridAttributeLdapContextMapper()
    • Method Detail

      • mapUserFromContext

        public org.springframework.security.core.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx,
                                                                                            String username,
                                                                                            Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
        Specified by:
        mapUserFromContext in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
        Overrides:
        mapUserFromContext in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
      • setLdapUsernameAttribute

        public void setLdapUsernameAttribute(String value)
        Sets the name of the LDAP attribute to use for the login name after authentication.

        Example - cn

        Default value: samAccountName

        Set the value as a bean property in applicationContext-spring-security-ldap.xml.

        Parameters:
        value -
      • getLdapUsernameAttribute

        public String getLdapUsernameAttribute()
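
An added sketch, not Pentaho's source and not part of the original Javadoc, of how a mapper of this kind can replace the typed login name with the spelling stored in the directory entry, using Spring Security's LdapUserDetailsMapper. The class name CanonicalUsernameContextMapper and the fail-closed handling of a missing attribute are assumptions.

```java
import java.util.Collection;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

/**
 * Hypothetical mapper (not Pentaho's source): replaces the name typed at login
 * with the value stored in the directory entry, so "JSMITH", "JSmith" and
 * "jsmith" all resolve to one principal.
 */
public class CanonicalUsernameContextMapper extends LdapUserDetailsMapper {

    // Same default the page documents for ldapUsernameAttribute.
    private String ldapUsernameAttribute = "samAccountName";

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // ctx is the entry the directory matched for the (case-insensitive) login;
        // its attribute carries the spelling the directory actually stores.
        String canonical = ctx.getStringAttribute(ldapUsernameAttribute);
        if (canonical == null || canonical.trim().isEmpty()) {
            // Assumption: fail closed. Falling back to the typed name would let
            // differently-cased logins create distinct principals again.
            throw new InternalAuthenticationServiceException(
                    "LDAP entry " + ctx.getDn() + " has no '" + ldapUsernameAttribute
                    + "' attribute; cannot derive a canonical user id");
        }
        // The parent mapper builds the UserDetails with the canonical name.
        return super.mapUserFromContext(ctx, canonical, authorities);
    }

    public void setLdapUsernameAttribute(String value) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("ldapUsernameAttribute must not be empty");
        }
        this.ldapUsernameAttribute = value;
    }

    public String getLdapUsernameAttribute() {
        return ldapUsernameAttribute;
    }
}
```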