How to configure nested LDAP groups

Daphne Burgerhoudt -

Scenario

You have an LDAP group that itself contains several LDAP groups, which in turn contain users. You want to assign this LDAP group to a role in XL Deploy so that when one of those users logs in, they have the permissions of that XL Deploy role.

Environment

XL Deploy, roles and permissions

Steps to Perform

The main thing you should do is to adjust your deployit-security.xml file and change DefaultLdapAuthoritiesPopulator to NestedLdapAuthoritiesPopulator.

Your bean should then look similar to this:

<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator">
  <constructor-arg ref="ldapServer" />
  <constructor-arg value="dc=example,dc=com" />
  <property name="groupSearchFilter" value="(member={0})" />
  <property name="rolePrefix" value="" />
  <property name="searchSubtree" value="true" />
  <property name="convertToUpperCase" value="false" />
</bean>

Caveats

The NestedLdapAuthoritiesPopulator class is available in XLD and XLR versions 6 and up.

Don't make your group search base too specific. If you have groups in different branches of your LDAP tree and you specify ou=xldeploy,ou=applications,dc=example,dc=com as your group search base, the groups in ou=groups,dc=example,dc=com are not found. So the most specific group search base you can use is dc=example,dc=com.
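
The search-base caveat above, modelled as an added example (not XL Deploy or Spring Security code): a small in-memory directory with constructed DNs shows which groups a nested lookup resolves for a user under a narrow and a broad group search base. The group and user names are assumptions, and DN matching is simplified to a case-insensitive suffix comparison.

```python
# Constructed sample directory: group DN -> member DNs (users or other groups).
ROLE_GROUP = "cn=xld-admins,ou=xldeploy,ou=applications,dc=example,dc=com"
TEAM_A = "cn=team-a,ou=groups,dc=example,dc=com"
TEAM_B = "cn=team-b,ou=groups,dc=example,dc=com"
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
GROUPS = {
    ROLE_GROUP: [TEAM_B],      # the group mapped to the XL Deploy role
    TEAM_B: [BOB, TEAM_A],     # team-a is nested inside team-b
    TEAM_A: [ALICE],
}
NARROW = "ou=xldeploy,ou=applications,dc=example,dc=com"
BROAD = "dc=example,dc=com"


def under_base(dn, base):
    """True if dn is the base or sits below it (models searchSubtree=true)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def search_groups(directory, base, member_dn):
    """Model of the (member={0}) filter: groups under base that list member_dn."""
    wanted = member_dn.lower()
    return [g for g, members in directory.items()
            if under_base(g, base) and wanted in (m.lower() for m in members)]


def effective_groups(directory, base, user_dn):
    """Groups the user is in directly, plus every group containing those groups."""
    found, queue = set(), [user_dn]
    while queue:
        current = queue.pop()
        for group in search_groups(directory, base, current):
            if group not in found:   # also stops on circular group membership
                found.add(group)
                queue.append(group)
    return found


if __name__ == "__main__":
    for base in (NARROW, BROAD):
        print(base, "->", sorted(effective_groups(GROUPS, base, ALICE)))
```

With the narrow base the lookup never sees the groups in ou=groups, so the chain to the role group is never followed and the user ends up with no groups at all.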

Additional Information

You can find more information about configuring LDAP for XL Deploy in this documentation.

Tags

kb, how-to, XL Deploy, XLD, XL Release, XLR, nested LDAP group, role
