SEC-963: LDAP Group Search Root

http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
This commit is contained in:
Luke Taylor 2008-08-26 13:51:01 +00:00
parent 83868a7334
commit a4e4120443
3 changed files with 32 additions and 32 deletions

View File

@ -23,7 +23,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
public static final String ATT_GROUP_SEARCH_BASE = "group-search-base"; public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute"; public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})"; public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
public static final String DEF_GROUP_SEARCH_BASE = "ou=groups"; public static final String DEF_GROUP_SEARCH_BASE = "";
static final String ATT_ROLE_PREFIX = "role-prefix"; static final String ATT_ROLE_PREFIX = "role-prefix";
static final String ATT_USER_CLASS = "user-details-class"; static final String ATT_USER_CLASS = "user-details-class";

View File

@ -89,7 +89,7 @@ group-search-filter-attribute =
## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user. ## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
attribute group-search-filter {xsd:string} attribute group-search-filter {xsd:string}
group-search-base-attribute = group-search-base-attribute =
## Search base for group membership searches. Defaults to "ou=groups". ## Search base for group membership searches. Defaults to "" (searching from the root).
attribute group-search-base {xsd:string} attribute group-search-base {xsd:string}
user-search-filter-attribute = user-search-filter-attribute =
## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name. ## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.

View File

@ -222,7 +222,7 @@
<xs:attribute name="group-search-base" use="required" type="xs:string"> <xs:attribute name="group-search-base" use="required" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>Search base for group membership searches. Defaults to <xs:documentation>Search base for group membership searches. Defaults to
"ou=groups".</xs:documentation> "" (searching from the root).</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
</xs:attributeGroup> </xs:attributeGroup>