Bug #6321
Metacat login mechanism needs to handle the ldap alias account
0%
Description
We are planning to trim the nceas ldap to have one subtree ou=Account which has the real users. The other subtrees, such as o=unaffiliated, will be an alias to an entry in ou=Account. The alias entry looks like:
dn: uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org
objectClass: alias
ObjectLcass: extensibleObject
uid: wu
aliasedObjectName: uid=tao,ou=Account,dc=ecoinformatics,dc=org
LDAP doesn't provide the dereference mechanism for the bind. It only provides the search dereference:
ldapsearch -x -a search -h ldap-dev.ecoinformatics.org -b uid=wu,o=unaffiliated,dc=ecoinformatics,dc=org
We need to add code on Metacat AuthLdap to handle the alias login.
History
#1 Updated by Jing Tao about 7 years ago
The code was added to handle the alias. But we need to add code to handle get groups as well.
#2 Updated by Jing Tao about 7 years ago
- Status changed from New to Resolved
Add a method named getAliasedDn. This method derefer the alias to the real object.
This method is applied in the authenticate, getUserInfo and getGroups(String user). I tested it and it worked.