Task #12604 (new)
Opened 10 years ago
Last modified 8 years ago
RFE: make LDAP lookup attributes configurable
Reported by: | bpindelski | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | Permissions |
Component: | Services | Version: | 5.1.0-m1 |
Keywords: | n.a. | Cc: | jamoore, mtbcarroll, pwalczysko, jburel, atarkowska, dlindner, wmoore |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
This ticket is an RFE from a user (see https://trac.openmicroscopy.org.uk/ome/ticket/4821 and http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-June/004517.html).
The attributes used in the LDAP server user query should be configurable. Currently they are hard-coded to assume that the login string is the cn of the LDAP user. We would need to allow using other attributes too (e.g. email address or displayName).
Initial work has been started on https://github.com/bpindelski/openmicroscopy/tree/4821_lookup_attrs. This is blocked by the fact that too many places outside of LdapImpl? rely on the login string being the omeName (e.g. Principal). This might require a bigger refactoring of the login/session API.
Change History (9)
comment:1 Changed 9 years ago by jamoore
- Milestone changed from 5.1.0 to 5.1.1
comment:2 Changed 9 years ago by jamoore
- Milestone changed from 5.1.1 to 5.1.2
comment:3 Changed 9 years ago by jamoore
- Cc jburel atarkowska dlindner wmoore added
comment:4 Changed 9 years ago by jamoore
- Milestone changed from 5.1.4 to OMERO-5.1.4
Splitting 5.1.4 due to milestone decoupling
comment:5 Changed 9 years ago by jburel
- Milestone changed from OMERO-5.1.4 to OMERO-5.2.0
Pushing to 5.2 and linked to https://trello.com/c/NdKek7Ag/303-ldap
comment:6 Changed 9 years ago by jamoore
- Milestone changed from OMERO-5.2.0 to OMERO-5.2.1
comment:7 Changed 8 years ago by jburel
- Milestone changed from OMERO-5.2.1 to OMERO-5.2.2
Milestone OMERO-5.2.1 deleted
comment:8 Changed 8 years ago by jburel
- Milestone changed from OMERO-5.2.2 to OMERO-5.2.1
Milestone OMERO-5.2.2 deleted
comment:9 Changed 8 years ago by jburel
- Milestone changed from OMERO-5.2.2 to Permissions
Looking at Felix's email:
As long as the "user_lookup_attributes" are considered "also look in" properties, then this might work. So basically:
This may or may not have adverse effects on insight & web, depending on their assumptions. Unless anyone sees this as critical, I'd likely push and roll into the next round of LDAP changes.