File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Websphere and the fly likes LDAP: roles by attribute value Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "LDAP: roles by attribute value" Watch "LDAP: roles by attribute value" New topic

LDAP: roles by attribute value

Ignacio Lacosta

Joined: May 07, 2004
Posts: 3
Nowadays, we have a WebSphere (5.0.2) authenticating users stored in OpenLDAP 2.1.22, in a standard way:
User Filter (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map inetOrgPerson:uid
Group ID Map *:cn
Group Member ID Map groupOfUniqueNames:uniqueMember

Example of directory:

objectClass: groupOfUniqueNames
uniqueMember: cn=user1,ou=users,...
uniqueMember: cn=user2,ou=users,...
uniqueMember: cn=user3,ou=users,...

objectClass: inetOrgPersn
cn: user1
uid: user1
userPassword: pwd
sn: test
givenName: user1
( idem )

So, the "general" role entry is a very huge entry, because it contains a lot of users. Our LDAP is suffering some performance degradation and we think that this could be one reason.

The question is: can we set the membership of a role by adding an attribute in each user record, as Tomcat does ? (In Tomcat's server.xml file, the property userRoleName points to an user attribute that is the role name)

Thanks in advance !

I agree. Here's the link:
subject: LDAP: roles by attribute value
jQuery in Action, 3rd edition