https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84574#M56951 <HTML><HEAD></HEAD><BODY><SPAN>I'm interested in using a Samba/POSIX-oriented LDAP DIT for my Alfresco user backend, so using full DNs in whatever the "memberAtrribute" property would be rather difficult. As Alfresco's pretty much the only application I've yet to get working with this setup, my gut feeling is to add functionality to Alfresco in a clean way and hopefully get someone else out of the same bind I've gotten myself into.</SPAN><BR /><BR /><SPAN>While my bandaid fix is to hardcode in a string replacement of that attribute's values to make it a full DN (i.e. memberUid: </SPAN><STRONG>username</STRONG><SPAN> will become dn: uid=</SPAN><STRONG>username</STRONG><SPAN>,ou=people,dc=domain,dc=component,dc=com), I was hoping that creating some config values and doing this a little bit more like a "Good Way" would be helpful to more than just me. I plan to add properties along the lines of "memberAtrributeIsFullDN", "memberAttributeRDNPrefix", "memberAttributeDNSuffix", etc, so that I can use this for more than just my internal sandbox implementation. Since Alfresco's internals want a full DN for this, I imagine that when we configure the org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource bean, the options above would be used as in the following example:</SPAN><BR /><BR /><SPAN>memberAttribute = memberUid</SPAN><BR /><SPAN>- uid only comes from LDAP, not full DN, when using this attribute type</SPAN><BR /><BR /><SPAN>memberAttributeIsFullDN = false</SPAN><BR /><SPAN>- default this to true in the class definition</SPAN><BR /><BR /><SPAN>memberAttributeRDNPrefix = uid</SPAN><BR /><SPAN>- unused if memberAttributeIsFullDN is true</SPAN><BR /><SPAN>- RDNPrefix and not DNPrefix, either would really work but logically speaking I see this as attaching an RDN to a proper DN suffix</SPAN><BR /><BR /><SPAN>memberAttributeDNSuffix = ou=people,dc=domain,dc=component,dc=com</SPAN><BR /><SPAN>- unused if memberAttributeIsFullDN is true</SPAN><BR /><BR /><SPAN>Add it all up (rough example):</SPAN><BR /><SPAN>String attribute = (String) memberAttributeRDNPrefix + "=" + memAttribute.get(i); + "," + memberAttributeDNSuffix</SPAN><BR /><SPAN>attribute = group.distinguishedNames.add(attribute);</SPAN><BR /><BR /><SPAN>Again, resulting in "uid=</SPAN><STRONG>username</STRONG><SPAN>,ou=people,dc=domain,dc=component,dc=com"</SPAN><BR /><BR /><SPAN>I'm not a native Java speaker, so I figured I suggest this before plunging in and see if it flies. In general, this solves a problem that a few of us are having in implementation land, and it does it fairly simply. It provides more functionality and integration while being completely backward compatible. Let me know if it's junk, and keep in mind that I'm shooting from the hip on the code, and I'm fully aware that what little code I have presented here won't work as it is simply an abstract representation of my intentions. <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></SPAN><BR /><BR /><SPAN>Edit: And by the way, this is an attempt to address the following issue in JIRA: </SPAN><A href="http://issues.alfresco.com/browse/AR-1026" rel="nofollow noopener noreferrer">http://issues.alfresco.com/browse/AR-1026</A></BODY></HTML> Tue, 01 May 2007 19:35:31 GMT smyers 2007-05-01T19:35:31Z https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84574#M56951 I'm interested in using a Samba/POSIX-oriented LDAP DIT for my Alfresco user backend, so using full DNs in whatever the "memberAtrribute" property would be rather difficult. As Alfresco's pretty much the only application I've yet to get working with this setup, my gut feeling is to add functionality Tue, 01 May 2007 19:35:31 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84574#M56951 smyers 2007-05-01T19:35:31Z https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84575#M56952 <HTML><HEAD></HEAD><BODY><SPAN>org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource, the diff:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE>84a85,90<BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; private boolean memberAttributeIsFullDN = true;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; private String memberAttributeRDNPrefix;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; private String memberAttributeDNSuffix;<BR /><BR />135a142,156<BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; public void setMemberAttributeIsFullDN(boolean memberAttributeIsFullDN)<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; {<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;this.memberAttributeIsFullDN = memberAttributeIsFullDN;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; public void setMemberAttributeRDNPrefix(String memberAttributeRDNPrefix)<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; {<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;this.memberAttributeRDNPrefix = memberAttributeRDNPrefix;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; public void setMemberAttributeDNSuffix(String memberAttributeDNSuffix)<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; {<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;this.memberAttributeDNSuffix = memberAttributeDNSuffix;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />423c444,452<BR />&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; group.distinguishedNames.add(attribute);<BR /><BR />—<BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;if (memberAttributeIsFullDN)<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;{<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;group.distinguishedNames.add(attribute);<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;}<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;else<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;{<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String fullDN = memberAttributeRDNPrefix + '=' + attribute + ',' + memberAttributeDNSuffix;<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;group.distinguishedNames.add(fullDN);<BR /><BR />&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;}<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>I'd love it if someone more familiar with this could give it a quick once-over. I'm about to build it and see.</SPAN></BODY></HTML> Wed, 02 May 2007 14:55:35 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84575#M56952 smyers 2007-05-02T14:55:35Z https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84576#M56953 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>I will take a look at this when time allows and add suitable support the next time we make any changes in this area.</SPAN><BR /><BR /><SPAN>Thanks for the comments.</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Mon, 17 Sep 2007 10:06:25 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-group-import-suggestion/m-p/84576#M56953 andy 2007-09-17T10:06:25Z