AnsweredAssumed Answered

LDAP: objecclass definition with authentication

Question asked by simon on Apr 20, 2006
Latest reply on Apr 26, 2006 by simon
Hi Andy,

Another LDAP question for you… I'm sorry.

We are trying to authenticate against OpenLDAP. All our users are stored in 1 OU in 1 LDAP, no referrals or chaining (let's keep it simple for once).

Not all the users have the same objectclasses, some of them are form the person object class, some have the user objectclass, some use both.

There is a property (in the ldap-authentication-context.xml file) for the people synchronisation to limit the query to a certain objectclass:

<property name="personQuery">
    <value>(objectclass=inetOrgPerson)</value>
</property>

We would like to do exactly the same for authentication: only allow the accounts with this specific objectclass and ignore the others.

Is there such a property that could be specified for the ldapInitialDirContextFactory bean? And if there isn't… :roll:

Thanks!

Outcomes