Versions Compared

Old Version 7

changes.mady.by.user Former user

Saved on

compared with

New Version 8

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Mapping External to Directory

If you're using Active Directory, do not use this method. Instead see the next section.

Suppose you want to have a role as an occupant of another role. For example, suppose there is a role called bireporting and you wish for all the occupants of the ceo role to also be occupants of the bireporting role. One way to accomplish this would be to manually add all of the occupants of ceo as occupants of the bireporting role. Unfortunately, this solution does not reuse existing roles. Instead, you should be able to add the ceo role as an occupant just as you would add a user as an occupant. Why would you need to do this? Because your Pentaho security configuration can simply reference the bireporting role instead of a multitude of occupant roles.

...

Code Block
xml
xml
titleapplicationContext-pentaho-security-ldap.xml
<bean id="allAuthoritiesSearch" class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.GenericLdapSearch">
<!-- omitted -->
  <constructor-arg index="2">
    <bean class="org.apache.commons.collections.functors.ChainedTransformer">
      <constructor-arg index="0">
        <list>
          <bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.SearchResultToAttrValueList">
            <!-- omitted -->
          </bean>
          <bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.ExtraRoles">
            <property name="extraRoles">
              <set>
                <value>bireporting</value>
              </set>
            </property>
          </bean>
          <bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.StringToGrantedAuthority">
            <!-- omitted -->
          </bean>
        </list>
      </constructor-arg>
    </bean>
  </constructor-arg>
</bean>

References

http://forum.springframework.org/showthread.php?t=28007

Nested groups in Active Directory

Microsoft Active Directory has a unique matching rule identifier (OIDs) that can be used to enable this quite easily.  For more information, have a look here.

...

This will search down the whole tree of nested groups.

References

http://forum.springframework.org/showthread.php?t=28007