[MGNLLDAP-80] MagnoliaGroupResolver and MagnoliaRoleResolver (probably) only work for /admin users?
Created: 17/Jul/13 | Updated: 04/Jul/14 | Resolved: 18/Jun/14
|
| Status: | Closed |
| Project: | LDAP Connector |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.6.3 |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Magnolia International | Assignee: | Milan Divilek |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | maintenance |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Description |
|
TBV. In both classes, I see this bit of code: UserManager um = security.getUserManager(Realm.REALM_ADMIN.getName()); which seems to indicate we wouldn't be able to log in users from other realms via LDAP. |
| Comments |
| Comment by Milan Divilek [ 02/Dec/13 ] |
|
MagnoliaGroupResolver and MagnoliaRoleResolver don't resolve groups/roles from the LDAP context, but from Magnolia (admin realm). So if MgnlGroup(Role)Resolver is used, then a user with the same name needs to exist in the Magnolia admin realm, but he doesn't need to have a password or any user details set (it's taken from LDAP). Also, anyone who has an LDAP/AD account but not a Magnolia account would not be able to access Magnolia, as their user will not be found in Magnolia and groups won't be assigned (basically looking like a valid user with no rights at all to Magnolia). So UserManager um = security.getUserManager(Realm.REALM_ADMIN.getName()); is correct, but maybe it would be good to make the realm configurable. |
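
An added example, not part of the comment above and not LDAP Connector code: a reconciliation check for the lookup described there, listing LDAP accounts that would authenticate but receive no groups and admin-realm accounts whose groups no current LDAP name maps to. The account data is constructed, the function name `audit` is hypothetical, and exact (case-sensitive) name matching is an assumption.

```python
# Added illustration; all data below is constructed sample input.
# Assumption: the realm lookup matches user names exactly (case-sensitively).

LDAP_USERS = {"alice", "bob", "Carol", "dave"}  # accounts present in LDAP/AD

# Admin-realm accounts -> groups assigned in Magnolia (no passwords needed here).
ADMIN_REALM = {
    "alice": {"editors", "publishers"},
    "carol": {"editors"},      # differs from LDAP "Carol" only by case
    "erin": {"superusers"},    # no LDAP counterpart
    "bob": set(),              # account exists, but no groups assigned
}


def audit(ldap_users, realm_users):
    """Reconcile LDAP names against the realm accounts used for group lookup."""
    realm_by_lower = {name.lower(): name for name in realm_users}
    report = {"resolved": {}, "no_rights": [], "case_mismatch": []}
    for name in sorted(ldap_users):
        groups = realm_users.get(name)
        if groups:
            report["resolved"][name] = sorted(groups)
            continue
        # Valid LDAP login, but no same-named realm account with groups.
        report["no_rights"].append(name)
        near = realm_by_lower.get(name.lower())
        if near is not None and near != name:
            report["case_mismatch"].append((name, near))
    # Realm accounts that hold groups but match no current LDAP name: under
    # the lookup described above, an LDAP account later created with that
    # name would pick these groups up, so they deserve a review.
    report["unmatched_realm"] = sorted(
        n for n, g in realm_users.items() if g and n not in ldap_users
    )
    return report


if __name__ == "__main__":
    for key, value in audit(LDAP_USERS, ADMIN_REALM).items():
        print(f"{key}: {value}")
```
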