I use the JAAS Framework for the authentification and authorization process in a java ee enterprise application. I use GlassFish as the application server. My realm configuration looks like:
<auth-realm name="ads-realm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
<property name="jaas-context" value="ldapRealm" />
<property name="base-dn" value="CN=Users,DC=company,DC=intern" />
<property name="directory" value="ldap://ad.company.intern:389" />
<property name="search-filter" value="(&(objectClass=user)(sAMAccountName=%s))" />
<property name="search-bind-password" value="****" />
<property name="search-bind-dn" value="ldapSvc@company.intern" />
</auth-realm>
This configuration works fine in my environment. See following log entries:
FEIN: JAAS login complete.
FEIN: JAAS authentication committed.
FEIN: Password login succeeded for xyz
but i don't receive a LDAP Group membership(s) from my Active Directory
FEIN: LDAP: Group memberships foun开发者_JS百科d:
FEIN: LDAP: login succeeded for: xyz
Which configuration/entry/mapping have I to do, to receive a group membership from AD?
Surely, I can add the property
<property name="assign-groups" value="Users" />
to my GlassFish configuration, but that is not exactly what i want.
You need to add this extra property:
group-search-filter Search filter to find group memberships for the user. The default value is uniquemember=%d (%d expands to the user element DN). In the case of Active Directory this should be member=%d
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论