I am running into a problem when setting up LDAP authentication and authorization with SunONE LDAP Server.
The LDAP server has users with objectclass=posixAccount and groups with objectclass=posixGroup.
Authenticating and listing the users and groups works fine, but there are no user-group memberships at all.
This is because membership in this LDAP works from posixGroup, which has a memberUid attribute;
WebSphere performs the search by comparing this attribute to the DN and not to the user's uid attribute.
Anybody know if that can be configured at all, or what is the recommended workaround?
Appreciate any help,
Best Regards,
Yoni
i.e. - the user:
dn: uid=bennym,ou=People, o=cold
givenName: Benny
uid: bennym
sn: Mike
cn: Benny Mike
objectClass: posixAccount
objectClass: top
objectClass: person
gecos: Benny Mike
.
the group:
# bbload, group, hot
dn: cn=bbload,ou=group,o=cold
cn: bbload
memberUid: bennym
memberUid: slavab
memberUid: paveld
memberUid: didis
objectClass: posixGroup
objectClass: top
..
I am using federated repositories, so this exact configuration is not applicable.
I will try it anyway...
From what I have configured so far, the problem is that WebSphere is comparing the user's distinguishedName (dn) attribute to the memberUid attribute of the group instead of the user's uid attribute.
10x!
Thanks,
Ravi
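
The mismatch described in this thread, reproduced offline as an added example (not part of the original posts and not WebSphere code). It resolves group membership for the quoted entries once by DN and once by uid, and builds the uid-based search filter with the value escaped. All function names are hypothetical, and the LDIF is a trimmed copy of the entries above.

```python
# Constructed sample: trimmed copies of the two entries quoted in the thread.
LDIF = """\
dn: uid=bennym,ou=People, o=cold
uid: bennym
cn: Benny Mike
objectClass: posixAccount

# bbload, group
dn: cn=bbload,ou=group,o=cold
cn: bbload
memberUid: bennym
memberUid: slavab
objectClass: posixGroup
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, plain 'attr: value' lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN normalisation (assumption: no escaped commas in RDN values)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def groups_by_dn(user, groups):
    """Behaviour described in the thread: memberUid values compared to the user's DN."""
    dn = norm_dn(user["dn"][0])
    return [g["cn"][0] for g in groups
            if dn in [norm_dn(v) for v in g.get("memberuid", [])]]

def groups_by_uid(user, groups):
    """RFC 2307 semantics: memberUid holds login names, so compare to the uid."""
    uids = set(user.get("uid", []))
    return [g["cn"][0] for g in groups if uids & set(g.get("memberuid", []))]

def posix_group_filter(uid):
    """Directory-side equivalent; uid is escaped per RFC 4515 before interpolation."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in uid)
    return "(&(objectClass=posixGroup)(memberUid=%s))" % esc
```

The DN-based lookup returns no groups for bennym, so any role mapped to bbload is never granted, while the uid-based lookup returns bbload.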