Project

General

Profile

Actions
Copy link

Bug #6321

closed

Metacat login mechanism needs to handle the ldap alias account

Added by Jing Tao over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jing Tao
Category:
-
Target version:
2.4.0
Start date:
12/19/2013
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

We are planning to trim the nceas ldap to have one subtree ou=Account which has the real users. The other subtrees, such as o=unaffiliated, will be an alias to an entry in ou=Account. The alias entry looks like:

dn: uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org
 objectClass: alias
 ObjectLcass: extensibleObject
 uid: wu
 aliasedObjectName:  uid=tao,ou=Account,dc=ecoinformatics,dc=org

LDAP doesn't provide the dereference mechanism for the bind. It only provides the search dereference:
ldapsearch -x -a search -h ldap-dev.ecoinformatics.org -b uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org

We need to add code on Metacat AuthLdap to handle the alias login.

Actions
Copy link
 #1

Updated by Jing Tao over 10 years ago

The code was added to handle the alias. But we need to add code to handle get groups as well.

Actions
Copy link
 #2

Updated by Jing Tao over 10 years ago

  • Status changed from New to Resolved

Add a method named getAliasedDn. This method derefer the alias to the real object.

This method is applied in the authenticate, getUserInfo and getGroups(String user). I tested it and it worked.

Actions
Copy link

Also available in: Atom PDF