Merge "Expand capabilities of ldap.groupMemberPattern"
@@ -1975,8 +1975,8 @@ corresponding attribute (in this case, `fooBarAttribute`) as read
|
|||||||
from the user's account object matched under `ldap.accountBase`.
|
from the user's account object matched under `ldap.accountBase`.
|
||||||
Attributes such as `${dn}` or `${uidNumber}` may be useful.
|
Attributes such as `${dn}` or `${uidNumber}` may be useful.
|
||||||
+
|
+
|
||||||
Default is `(memberUid=${username})` for RFC 2307,
|
Default is `(|(memberUid=${username})(gidNumber=${gidNumber}))` for
|
||||||
and unset (disabled) for Active Directory.
|
RFC 2307, and unset (disabled) for Active Directory.
|
||||||
|
|
||||||
[[ldap.groupName]]ldap.groupName::
|
[[ldap.groupName]]ldap.groupName::
|
||||||
+
|
+
|
||||||
|
@@ -197,14 +197,12 @@ import javax.security.auth.login.LoginException;
|
|||||||
if (!schema.groupMemberQueryList.isEmpty()) {
|
if (!schema.groupMemberQueryList.isEmpty()) {
|
||||||
final HashMap<String, String> params = new HashMap<String, String>();
|
final HashMap<String, String> params = new HashMap<String, String>();
|
||||||
|
|
||||||
if (schema.groupNeedsAccount) {
|
|
||||||
if (account == null) {
|
if (account == null) {
|
||||||
account = findAccount(schema, ctx, username);
|
account = findAccount(schema, ctx, username);
|
||||||
}
|
}
|
||||||
for (String name : schema.groupMemberQueryList.get(0).getParameters()) {
|
for (String name : schema.groupMemberQueryList.get(0).getParameters()) {
|
||||||
params.put(name, account.get(name));
|
params.put(name, account.get(name));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
params.put(LdapRealm.USERNAME, username);
|
params.put(LdapRealm.USERNAME, username);
|
||||||
|
|
||||||
@@ -286,7 +284,6 @@ import javax.security.auth.login.LoginException;
|
|||||||
final String accountMemberField;
|
final String accountMemberField;
|
||||||
final List<LdapQuery> accountQueryList;
|
final List<LdapQuery> accountQueryList;
|
||||||
|
|
||||||
boolean groupNeedsAccount;
|
|
||||||
final List<String> groupBases;
|
final List<String> groupBases;
|
||||||
final SearchScope groupScope;
|
final SearchScope groupScope;
|
||||||
final ParameterizedString groupPattern;
|
final ParameterizedString groupPattern;
|
||||||
@@ -321,11 +318,8 @@ import javax.security.auth.login.LoginException;
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (final String name : groupMemberQuery.getParameters()) {
|
for (final String name : groupMemberQuery.getParameters()) {
|
||||||
if (!LdapRealm.USERNAME.equals(name)) {
|
|
||||||
groupNeedsAccount = true;
|
|
||||||
accountAtts.add(name);
|
accountAtts.add(name);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
groupMemberQueryList.add(groupMemberQuery);
|
groupMemberQueryList.add(groupMemberQuery);
|
||||||
}
|
}
|
||||||
|
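Review bot: In the first hunk of this file, `params.put(name, account.get(name));` now runs for every parameter of the group-member pattern, with nothing checking that the account entry actually carries the attribute. With the new RFC 2307 default referencing `${gidNumber}`, an entry without that attribute would presumably put a null into the filter parameters; how the query treats that is not visible here. Because the result of this search decides group membership, and with it access rights, the behaviour for a missing attribute should be explicit, for example `final String value = account.get(name);` followed by `if (value != null) { params.put(name, value); }`, or a logged failure if an unbound parameter is worse than no match. Whichever is chosen, a short comment above the loop should state it. The enclosing method starts and ends outside the hunk.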
@@ -57,7 +57,7 @@ abstract class LdapType {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
String groupMemberPattern() {
|
String groupMemberPattern() {
|
||||||
return "(memberUid=${username})";
|
return "(|(memberUid=${username})(gidNumber=${gidNumber}))";
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
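Review bot: The new RFC 2307 default returned by `groupMemberPattern()` also matches any group whose `gidNumber` equals the user's, so installations that never set `ldap.groupMemberPattern` will resolve additional group memberships after upgrading, and any access rights granted to those groups follow. That is a change in authorization results, not only in the query text, so I would say so on the method, e.g. `// Also matches the user's primary group via gidNumber; membership is wider than with memberUid alone.`, and call it out in the release notes so administrators can pin the old pattern if they need to. The enclosing class starts and ends outside the hunk.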