This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Websphere and the fly likes LDAP: roles by attribute value Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "LDAP: roles by attribute value" Watch "LDAP: roles by attribute value" New topic
Author

LDAP: roles by attribute value

Ignacio Lacosta
Greenhorn

Joined: May 07, 2004
Posts: 3
Hello,
Nowadays, we have a WebSphere (5.0.2) authenticating users stored in OpenLDAP 2.1.22, in a standard way:
User Filter (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map inetOrgPerson:uid
Group ID Map *:cn
Group Member ID Map groupOfUniqueNames:uniqueMember


Example of directory:

ou=roles
cn=general
objectClass: groupOfUniqueNames
uniqueMember: cn=user1,ou=users,...
uniqueMember: cn=user2,ou=users,...
uniqueMember: cn=user3,ou=users,...
(...)

ou=users
cn:user1
objectClass: inetOrgPersn
cn: user1
uid: user1
userPassword: pwd
sn: test
givenName: user1
cn:user1
( idem )

So, the "general" role entry is a very huge entry, because it contains a lot of users. Our LDAP is suffering some performance degradation and we think that this could be one reason.

The question is: can we set the membership of a role by adding an attribute in each user record, as Tomcat does ? (In Tomcat's server.xml file, the property userRoleName points to an user attribute that is the role name)

Thanks in advance !

Ignacio.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: LDAP: roles by attribute value
 
Similar Threads
Migrating JAAS from JBoss to Websphere 6.1
How to configure Tomcat for authentication against Active Directory of Windows Server 2003
Configuring the application policy in login-config.xml for LDAP Apache DS
Assign roles from different realms
LDAP Integration with JBoss