[MGNLLDAP-80] MagnoliaGroupResolver and MagnoliaRoleResolver (probably) only work for /admin users?
Created: 17/Jul/13  Updated: 04/Jul/14  Resolved: 18/Jun/14

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: None
Fix Version/s: 1.6.3

Type: Bug
Priority: Neutral
Reporter: Magnolia International
Assignee: Milan Divilek
Resolution: Fixed
Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

TBV. In both classes, I see this bit of code - UserManager um = security.getUserManager(Realm.REALM_ADMIN.getName()); - which seems to indicate we wouldn't be able to log in users from other realms via LDAP.



 Comments   
Comment by Milan Divilek [ 02/Dec/13 ]

MagnoliaGroupResolver and MagnoliaRoleResolver don't resolve groups/roles from the LDAP context, but from Magnolia (admin realm). So if MgnlGroup(Role)Resolver is used, then a user with the same name needs to exist in the Magnolia admin realm, but they don't need to have a password or any user details set (these are taken from LDAP). Also, anyone who has an LDAP/AD account but no Magnolia account would not be able to access Magnolia, as their user will not be found in Magnolia and groups won't be assigned (basically looking like a valid user with no rights at all to Magnolia).

So UserManager um = security.getUserManager(Realm.REALM_ADMIN.getName()); is correct, but maybe it would be good to make the realm configurable.

Generated at Mon Feb 12 02:21:22 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.