Bug #6321: Metacat login mechanism needs to handle the ldap alias account - Metacat - Ecoinformatics Redmine

Bug #6321

Metacat login mechanism needs to handle the ldap alias account

Added by Jing Tao almost 6 years ago. Updated almost 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jing Tao

Category:

Target version:

2.4.0

Start date:

12/19/2013

Due date:

% Done:

Estimated time:

Bugzilla-Id:

Description

We are planning to trim the nceas ldap to have one subtree ou=Account which has the real users. The other subtrees, such as o=unaffiliated, will be an alias to an entry in ou=Account. The alias entry looks like:

dn: uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org
 objectClass: alias
 ObjectLcass: extensibleObject
 uid: wu
 aliasedObjectName:  uid=tao,ou=Account,dc=ecoinformatics,dc=org

LDAP doesn't provide the dereference mechanism for the bind. It only provides the search dereference:
ldapsearch -x -a search -h ldap-dev.ecoinformatics.org -b uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org

We need to add code on Metacat AuthLdap to handle the alias login.

History

#1 Updated by Jing Tao almost 6 years ago

The code was added to handle the alias. But we need to add code to handle get groups as well.

#2 Updated by Jing Tao almost 6 years ago

Status changed from New to Resolved

Add a method named getAliasedDn. This method derefer the alias to the real object.

This method is applied in the authenticate, getUserInfo and getGroups(String user). I tested it and it worked.

Also available in: Atom PDF

Project

General

Profile

Metacat

Issues

Custom queries

Bug #6321

Metacat login mechanism needs to handle the ldap alias account

History

#1 Updated by Jing Tao almost 6 years ago

#2 Updated by Jing Tao almost 6 years ago