Technical Information

userDnPatterns is suggested when using Kerberos or Windows domain notation because the LdapUserSearch implementations do not give the same control over the DN that userDnPatterns does. (The LdapUserSearch implementations try to derive the DN in the standard format, which may or may not work in Active Directory.)

However, Pentaho's LdapUserDetailsService requires an LdapUserSearch for its userSearch property.

User DN Patterns


<bean id="authenticator" class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
  <constructor-arg>
    <ref local="initialDirContextFactory" />
  </constructor-arg>
  <property name="userDnPatterns">
    <list>
      <value>{0}@mycompany.com</value>
      <!-- and/or -->
      <value>domain\{0}</value>
    </list>
  </property>
</bean>

User Searches

The sAMAccountName attribute should be used as the username in user searches. The searchSubtree property (which influences the SearchControls) should most likely be true. Otherwise, it searches the specified base plus one level down.
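
A user search configured as described above, using Acegi's FilterBasedLdapUserSearch. This is an added example, not part of the original page; the bean id userSearch and the search base are assumptions, and initialDirContextFactory is the bean referenced by the authenticator above.

```xml
<!-- Added example. The search base below is an assumed placeholder;
     replace it with the container that holds your user entries. -->
<bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
  <!-- arg 0: search base, relative to the context factory's root (assumed value) -->
  <constructor-arg index="0">
    <value>CN=Users</value>
  </constructor-arg>
  <!-- arg 1: filter; {0} is replaced with the login name, matched against sAMAccountName -->
  <constructor-arg index="1">
    <value>(sAMAccountName={0})</value>
  </constructor-arg>
  <!-- arg 2: the same context factory the BindAuthenticator uses -->
  <constructor-arg index="2">
    <ref local="initialDirContextFactory" />
  </constructor-arg>
  <!-- true selects a subtree search under the base instead of a shallow one -->
  <property name="searchSubtree">
    <value>true</value>
  </property>
</bean>
```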

...