Requirement
You have an LDAP group that contains various LDAP groups that in turn contain users. You want to assign this LDAP group to a role in XL Deploy and have the users in the sub-groups inherit the permissions of that XL Deploy role.
Environment
XL Deploy, roles and permissions
Solution
- Edit your deployit-security.xml file
- Change DefaultLdapAuthoritiesPopulator to NestedLdapAuthoritiesPopulator
- Your bean should look something like the example below
<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator">
    <constructor-arg ref="ldapServer" />
    <constructor-arg value="dc=example,dc=com" />
    <property name="groupSearchFilter" value="(member={0})" />
    <property name="rolePrefix" value="" />
    <property name="searchSubtree" value="true" />
    <property name="convertToUpperCase" value="false" />
</bean>
Caveats
- The NestedLdapAuthoritiesPopulator class is available in XLD and XLR versions 6 and up.
- Don't make your group search base too specific. If you have groups in different branches of your LDAP tree and you specify ou=xldeploy,ou=applications,dc=example,dc=com as your group search base, the groups in ou=groups,dc=example,dc=com are not found. In that case, the most specific group search base you can use is dc=example,dc=com.
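The nested lookup and the search-base caveat can be checked on a small model before changing the live configuration. The Python sketch below is an added example, not XL Deploy or Spring Security code: the directory contents, the group and user names and the function names are constructed for illustration, and role names are assumed to come from each group's cn.

```python
# Simplified model of nested group resolution with groupSearchFilter (member={0}).
# Constructed sample directory: group DN -> DNs in its "member" attribute.
GROUPS = {
    "cn=xld-admins,ou=xldeploy,ou=applications,dc=example,dc=com": [
        "cn=team-a,ou=groups,dc=example,dc=com",
        "cn=team-b,ou=groups,dc=example,dc=com",
    ],
    "cn=team-a,ou=groups,dc=example,dc=com": ["uid=alice,ou=people,dc=example,dc=com"],
    "cn=team-b,ou=groups,dc=example,dc=com": ["uid=bob,ou=people,dc=example,dc=com"],
    "cn=contractors,ou=groups,dc=example,dc=com": ["uid=carol,ou=people,dc=example,dc=com"],
}


def under_base(dn, base):
    """True if dn is the search base itself or lies below it (searchSubtree=true)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def search_groups(member_dn, base):
    """Groups under the search base whose member attribute lists member_dn."""
    wanted = member_dn.lower()
    return [g for g, members in GROUPS.items()
            if under_base(g, base) and wanted in (m.lower() for m in members)]


def effective_roles(user_dn, base, nested=True):
    """Role names granted to user_dn; nested=False models direct membership only."""
    found, queue = set(), search_groups(user_dn, base)
    while queue:
        group = queue.pop()
        if group in found:
            continue  # already visited; this also stops membership cycles
        found.add(group)
        if nested:
            # Repeat the same search with the group DN as the member value.
            queue.extend(search_groups(group, base))
    # rolePrefix="" and convertToUpperCase=false: use the cn value unchanged.
    return {g.split(",")[0].split("=", 1)[1] for g in found}


if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"
    print(effective_roles(alice, "dc=example,dc=com"))
    print(effective_roles(alice, "ou=xldeploy,ou=applications,dc=example,dc=com"))
```

Running the same function for every user against an export of your own groups shows who will inherit the XL Deploy role once nesting is enabled.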
Additional Information
For more information about the configuration of LDAP for your XL Deploy, please see LDAP security in the Developer Portal.