LdapLoginModule with nested role functionality

Hello All,

I have been playing with Jetty LDAPLoginModule to authenticate users against ActiveDirectory and fetch user roles.
Our AD has nested roles but Jetty just seems to be ignoring them. When I compared Jetty LoginModule with Tomcat JNDIRealm (http://www.jarvana.com/jarvana/view/org/apache/tomcat/tomcat-catalina/7.0.8/tomcat-catalina-7.0.8-sources.jar!/org/apache/catalina/realm/JNDIRealm.java?format=ok) I could see the difference. Tomcat seems to have a special block to fetch nested roles:
"// if nested group search is enabled, perform searches for nested groups until no new group is found
        if (getRoleNested()) {" (search for this in the above link)

Is my finding correct, and do I have no alternative other than writing my own custom LdapLoginModule to solve this problem? Or am I missing something basic?

Any help is much appreciated.

Thanks for your time
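
The loop that the quoted Tomcat comment describes ("perform searches for nested groups until no new group is found"), as an added Java example that is not part of the original post and is not Jetty's or Tomcat's code. The `parentsOf` hook, the `maxGroups` cap and the sample DNs are assumptions; in a custom login module `parentsOf` would be an LDAP search for the groups whose member attribute holds the given group DN.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

public class NestedRoleResolver {

    // parentsOf is a hypothetical hook standing in for one LDAP search that
    // returns the groups listing the given group DN as a member.
    static Set<String> resolve(Set<String> directGroups,
                               Function<String, Set<String>> parentsOf,
                               int maxGroups) {
        Set<String> seen = new LinkedHashSet<>(directGroups);
        Deque<String> pending = new ArrayDeque<>(directGroups);
        while (!pending.isEmpty()) {
            String group = pending.poll();
            for (String parent : parentsOf.apply(group)) {
                // add() is false for a group already visited, so a circular
                // membership (A in B, B in A) cannot loop forever.
                if (!seen.add(parent)) {
                    continue;
                }
                // Assumed policy: fail the login rather than return a partial role set.
                if (seen.size() > maxGroups) {
                    throw new IllegalStateException("nested group limit exceeded");
                }
                pending.add(parent);
            }
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed sample data: group DN -> groups that contain it.
        Map<String, Set<String>> containedIn = Map.of(
            "cn=dev,dc=example,dc=com", Set.of("cn=staff,dc=example,dc=com"),
            "cn=staff,dc=example,dc=com", Set.of("cn=all,dc=example,dc=com"),
            "cn=all,dc=example,dc=com", Set.of("cn=staff,dc=example,dc=com")); // cycle
        Set<String> roles = resolve(
            Set.of("cn=dev,dc=example,dc=com"),
            dn -> containedIn.getOrDefault(dn, Set.of()),
            100);
        roles.forEach(System.out::println);
    }
}
```

Each group triggers at most one lookup, so the cap also bounds how many directory searches a single login can cause.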