SEC-963: LDAP Group Search Root
http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
This commit is contained in:
parent
83868a7334
commit
a4e4120443
|
@ -23,7 +23,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
||||||
public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
|
public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
|
||||||
public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
|
public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
|
||||||
public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
|
public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
|
||||||
public static final String DEF_GROUP_SEARCH_BASE = "ou=groups";
|
public static final String DEF_GROUP_SEARCH_BASE = "";
|
||||||
|
|
||||||
static final String ATT_ROLE_PREFIX = "role-prefix";
|
static final String ATT_ROLE_PREFIX = "role-prefix";
|
||||||
static final String ATT_USER_CLASS = "user-details-class";
|
static final String ATT_USER_CLASS = "user-details-class";
|
||||||
|
|
|
@ -89,7 +89,7 @@ group-search-filter-attribute =
|
||||||
## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
|
## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
|
||||||
attribute group-search-filter {xsd:string}
|
attribute group-search-filter {xsd:string}
|
||||||
group-search-base-attribute =
|
group-search-base-attribute =
|
||||||
## Search base for group membership searches. Defaults to "ou=groups".
|
## Search base for group membership searches. Defaults to "" (searching from the root).
|
||||||
attribute group-search-base {xsd:string}
|
attribute group-search-base {xsd:string}
|
||||||
user-search-filter-attribute =
|
user-search-filter-attribute =
|
||||||
## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.
|
## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.
|
||||||
|
|
|
@ -222,7 +222,7 @@
|
||||||
<xs:attribute name="group-search-base" use="required" type="xs:string">
|
<xs:attribute name="group-search-base" use="required" type="xs:string">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Search base for group membership searches. Defaults to
|
<xs:documentation>Search base for group membership searches. Defaults to
|
||||||
"ou=groups".</xs:documentation>
|
"" (searching from the root).</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
</xs:attributeGroup>
|
</xs:attributeGroup>
|
||||||
|
|
Loading…
Reference in New Issue