 

Support for multiple principalSuffix in ActiveDirectory

 

The "userPrincipalName" attribute is used for login and for querying user roles. It is built by concatenating the username and a principalSuffix. Large ActiveDirectory installations may use multiple user principal name suffixes. For such scenarios, OntoBroker 6.1 now supports a list of user principal name suffixes. In this case, the configuration for the ActiveDirectory realm may look like this:

<bean id="ActiveDirectory" class="com.ontoprise.security.realm.ActiveDirectoryExRealm">

      <!-- Directory connection used for authentication. The realm forms the
           userPrincipalName from the login name plus a suffix from
           principalSuffixList (presumably each suffix is tried in turn until
           one matches; confirm against the realm implementation). -->
      <property name="ldapContextFactory">

        <bean class="com.ontoprise.security.realm.AdLdapContextFactory">

            <!-- Base DN for user lookups in this directory. -->
            <property name="searchBase"><value>dc=mycompany,dc=com</value></property>

            <!-- Service account used for the directory bind. The password is
                 stored in clear text in this file, so restrict read access to the
                 configuration and prefer a least-privilege, read-only directory
                 account over an administrative one. -->
            <property name="systemUsername"><value>admin</value></property>

            <property name="systemPassword"><value>admin</value></property>

            <!-- One entry per UPN suffix in use, including the leading "@". -->
            <property name="principalSuffixList">

              <list>

                  <value>@ads.mycompany.com</value>

                  <value>@ads2.mycompany.com</value>

              </list>

            </property>

            <!-- Plain LDAP on port 389: the bind credentials and query traffic are
                 not encrypted on the wire. NOTE(review): check whether the factory
                 accepts an ldaps:// URL (or StartTLS) before using this outside a
                 trusted network. -->
            <property name="url"><value>ldap://domaincontroller.mycompany.com:389/</value></property>

        </bean>

    </property>

    <!-- search base for groups -->

    <property name="searchBase"><value>OU=Karlsruhe,DC=ads,DC=mycompany,DC=com</value></property>    

    <!-- Maps AD group distinguished names (key) to the role name the realm
         reports for members of that group (value). Only groups listed here
         yield roles; presumably unlisted group memberships are ignored. -->
    <property name="groupRolesMap"><map>

        <entry key="CN=group1,OU=Karlsruhe,DC=ads,DC=mycompany,DC=com" value="group1"/>

        <entry key="CN=group2,OU=Karlsruhe,DC=ads,DC=mycompany,DC=com" value="group2"/>

    </map></property>

  </bean>