Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.7.2, 0.8.0
-
None
Description
Problem:
While performing LDAP authentication, current Shiro module does a group=* search while trying to get group-to-role mapping for any LDAP user. On a large LDAP directory, this is a serious problem which might render RolesByGroup feature not working as expected.
Fix:
Currently while doing LDAP authentication, there is no available option to limit the group search results to the only groups that user is interested in. This bug addresses the same and adds group search filter to Shiro configuration for LdapRealm which will allow user to define a search filter and limit the group search results.
Example:
ldapRealm = org.apache.zeppelin.realm.LdapRealm
...
...
ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0}))
...
Attachments
Issue Links
- links to
