[SHIRO-640] queryForAuthenticationInfo(): resolve DN using user name
I am trying to use ActiveDirectoryRealm with searchFilter in order to make it possible to log in using e-mail (which is not part of DN). I see that this is partially supported in getRoleNamesForUser(), but not in queryForAuthenticationInfo().
This change make it fully work for me, but I have a feeling that it may disturb other users, so I'm willing to work on improving it.
You can merge this pull request into a Git repository by running:
[SHIRO-640] queryForAuthenticationInfo(): resolve user name
> Support user search LDAP expressions
> Key: SHIRO-640
> URL: https://issues.apache.org/jira/browse/SHIRO-640 > Project: Shiro
> Issue Type: Improvement
> Components: Realms
> Affects Versions: 1.2.3
> Reporter: mephi42
> Priority: Trivial
> I'm trying to deploy Apache Zeppelin (https://zeppelin.apache.org/), which uses Shiro for security. In our organization LDAP is set up in a way that everybody authenticates using email address (which is not part of DN), rather than UID (which is part of DN, but looks extremely ugly).
> Other solutions integrate with this scheme by letting me configure LDAP search expression to resolve user DN, for example: (&(mail=%s)(objectclass=Person)). The resolved DN is then used in a regular way for authentication.
> I wonder if it would be possible to add such functionality to Shiro?
This message was sent by Atlassian JIRA