From 6229db6f958bbcf9ad21804bdc526f669fe6f601 Mon Sep 17 00:00:00 2001
From: Kevin Connor
Date: Mon, 6 Jun 2011 23:05:24 -0700
Subject: [PATCH] change ldap group lookup when using memberUid to match using name according to rfc2307 which says the memberUid is a name (not a uid strangely enough) just going by http://manpages.ubuntu.com/manpages/natty/man5/sssd-ldap.5.html ldap_schema description and my broken install on ubuntu... I can't say what ldif I used except it was standard (I didn't write it) and ldapscripts and phpmyadmin all seem to want the field to be a name.
Originally-Committed-As: 8ce68934aba3d016b645035bae1841eaccca9ef5
---
 .../main/webapp/WEB-INF/security/LDAPBindSecurityRealm.groovy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/war/src/main/webapp/WEB-INF/security/LDAPBindSecurityRealm.groovy b/war/src/main/webapp/WEB-INF/security/LDAPBindSecurityRealm.groovy
index 4f0995c..3bd5001 100644
--- a/war/src/main/webapp/WEB-INF/security/LDAPBindSecurityRealm.groovy
+++ b/war/src/main/webapp/WEB-INF/security/LDAPBindSecurityRealm.groovy
@@ -64,7 +64,7 @@ bindAuthenticator(BindAuthenticator2,initialDirContextFactory) {
 authoritiesPopulator(AuthoritiesPopulatorImpl, initialDirContextFactory, instance.groupSearchBase) {
 // see DefaultLdapAuthoritiesPopulator for other possible configurations
 searchSubtree = true;
- groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))";
+ groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={0}))";
 }
 authenticationManager(ProviderManager) {
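Review bot: The new `groupSearchFilter` binds `memberUid` to `{0}`, the same placeholder used by the DN-valued `member` and `uniqueMember` clauses, so a single substituted value would have to be both a distinguished name and the RFC 2307 login name the commit message describes. The hunk does not show what AuthoritiesPopulatorImpl passes for each placeholder; if it follows the DefaultLdapAuthoritiesPopulator named in the comment, `{0}` is presumably the user's full DN and `{1}` the login name, in which case `(memberUid={1})` was already the name match and this change would leave posixGroup lookups empty. Because this search decides which authorities a user is granted, the binding should be confirmed against a directory of each schema and recorded beside the filter, for example `// {0} = user DN, {1} = login name`. It is also worth confirming that the populator escapes both values before substituting them into the filter. The `authenticationManager` block that opens on the last context line continues outside the hunk.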