[jira] [Commented] (SHIRO-640) Support user search LDAP expressions

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16258114#comment-16258114 ]

ASF GitHub Bot commented on SHIRO-640:

GitHub user mephi42 opened a pull request:


    [SHIRO-640] queryForAuthenticationInfo(): resolve DN using user name

    I am trying to use ActiveDirectoryRealm with searchFilter in order to make it possible to log in using e-mail (which is not part of DN). I see that this is partially supported in getRoleNamesForUser(), but not in queryForAuthenticationInfo().
    This change makes it fully work for me, but I have a feeling that it may disturb other users, so I'm willing to work on improving it.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mephi42/shiro resolve-ldap-dn

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #74

commit d09d2e8a3394ad820af874b01473807e9080a92e
Author: mephi42 <[hidden email]>
Date:   2017-11-18T13:48:32Z

    [SHIRO-640] queryForAuthenticationInfo(): resolve user name


> Support user search LDAP expressions
> ------------------------------------
>                 Key: SHIRO-640
>                 URL: https://issues.apache.org/jira/browse/SHIRO-640
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms
>    Affects Versions: 1.2.3
>            Reporter: mephi42
>            Priority: Trivial
> I'm trying to deploy Apache Zeppelin (https://zeppelin.apache.org/), which uses Shiro for security. In our organization LDAP is set up in a way that everybody authenticates using an email address (which is not part of the DN), rather than a UID (which is part of the DN, but looks extremely ugly).
> Other solutions integrate with this scheme by letting me configure an LDAP search expression to resolve the user DN, for example: (&(mail=%s)(objectclass=Person)). The resolved DN is then used in a regular way for authentication.
> I wonder if it would be possible to add such functionality to Shiro?

This message was sent by Atlassian JIRA