LDAP Connector / MGNLLDAP-49

Pass on email and other user properties from LDAP record to Magnolia


Details

    • Improvement
    • Resolution: Fixed
    • Neutral
    • 1.4.3
    • None
    • None

    Description

      While the LDAP module currently reads out all properties from a user's record (info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule#extractAttributes), those properties are not passed on in the User instance in Magnolia. As far as I can tell, this is because:

      • info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule#setEntity does not copy those properties to the Entity object. There might be security concerns about passing all attributes around, so we should at least extract this operation into an overridable method.
      • info.magnolia.cms.security.ExternalUser#getProperty systematically throws an UnsupportedOperationException, whereas it could at least check the properties of the current Entity object it wraps. I am not sure if there are any (historical?) reasons for this.

      While this is entirely and easily fixable within the current framework, it sounds like one more reason to move away from JAAS, or at least move to a LoginModule that completely delegates to Magnolia, following which we'd have an LDAP-specific UserManager implementation. And/or an LDAPUser implementation.
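
An added example, not part of the original issue and not Magnolia's code: one way the overridable copy step suggested above could limit which LDAP attributes are passed on, using only JDK JNDI types. The class name, method names, allowlist and sample record are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

// Hypothetical stand-in for the copy step; not Magnolia's LDAPAuthenticationModule.
public class AttributeCopyExample {
    // Assumed allowlist of attribute IDs, stored lower-case for case-insensitive matching.
    private static final Set<String> ALLOWED = Set.of("mail", "cn", "givenname", "sn");

    // Overridable hook: a subclass decides which attributes may leave the login module.
    protected boolean isExposable(String attributeId) {
        return ALLOWED.contains(attributeId.toLowerCase(Locale.ROOT));
    }

    // Copies only allowlisted, single-valued String attributes into a plain map.
    // Multi-valued and binary attributes (e.g. userPassword bytes) are skipped.
    public Map<String, String> copyProperties(Attributes ldapAttributes) throws NamingException {
        Map<String, String> properties = new LinkedHashMap<>();
        NamingEnumeration<? extends Attribute> all = ldapAttributes.getAll();
        try {
            while (all.hasMore()) {
                Attribute attr = all.next();
                if (!isExposable(attr.getID()) || attr.size() != 1) {
                    continue;
                }
                Object value = attr.get();
                if (value instanceof String) {
                    properties.put(attr.getID(), (String) value);
                }
            }
        } finally {
            all.close();
        }
        return properties;
    }

    public static void main(String[] args) throws NamingException {
        Attributes record = new BasicAttributes(true); // constructed sample record
        record.put("mail", "jdoe@example.org");
        record.put("cn", "Jane Doe");
        record.put("employeeNumber", "0042");
        record.put("userPassword", "constructed-placeholder".getBytes(StandardCharsets.UTF_8));
        System.out.println(new AttributeCopyExample().copyProperties(record)); // only mail and cn survive
    }
}
```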

              People

                pbaerfuss Philipp Bärfuss
                gjoseph Magnolia International