LDAP: roles by attribute value

Ignacio Lacosta

Joined: May 07, 2004
Posts: 3
Currently, we have WebSphere (5.0.2) authenticating users stored in OpenLDAP 2.1.22, in the standard way:
User Filter (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map inetOrgPerson:uid
Group ID Map *:cn
Group Member ID Map groupOfUniqueNames:uniqueMember

Example of directory:

objectClass: groupOfUniqueNames
uniqueMember: cn=user1,ou=users,...
uniqueMember: cn=user2,ou=users,...
uniqueMember: cn=user3,ou=users,...

objectClass: inetOrgPerson
cn: user1
uid: user1
userPassword: pwd
sn: test
givenName: user1
( idem )

So, the "general" role entry is a very large entry, because it contains a lot of users. Our LDAP is suffering some performance degradation and we think that this could be one reason.

The question is: can we set the membership of a role by adding an attribute in each user record, as Tomcat does? (In Tomcat's server.xml file, the property userRoleName points to a user attribute that is the role name.)

Thanks in advance!
