Details
- Feature
- Status: Released
- Minor
- Resolution: Fixed
- 1.11.5, 1.12
- None
Description
Current Situation
When using LDAP for authentication and shiro.ini for authorization, the login principal name is used to search for the user in shiro.ini.
This search is case sensitive.
The search looks for the principal exactly as given, even when a domain is given.
Example:
login with domain\account will not find the entry account@domain in the shiro.ini and vice versa
login with domain\Account will not find domain\account in the shiro.ini.
Desired Behaviour
When using LDAP for authentication and shiro.ini for authorization, the login principal name is used to search for the user in shiro.ini.
This search should be case insensitive.
When a domain is used and the entry is not found in the shiro.ini, the alternative entry should be searched for.
Also, the debug logging for the groupRolesMapping should show which group names the shiro.ini is searched for.
"Analysing groupRolesMapping: %s"
"Looking for group: %s"
"roles for group %s: %s"
"Group %s not found in groupRolesMapping"
Example:
login with domain\account should find the entry account@domain in the shiro.ini and vice versa
login with domain\Account should find domain\account in the shiro.ini.
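
The desired lookup, sketched as an added example (not the product's own code). The class, the method names and the in-memory map standing in for the shiro.ini user entries are all hypothetical, and the sample entries are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

/** Added illustration; every name in this class is hypothetical. */
public class PrincipalLookup {

    // Locale.ROOT keeps case folding stable whatever the JVM default locale is
    // (a Turkish default locale would otherwise fold "I" differently).
    static String normalize(String name) {
        return name.trim().toLowerCase(Locale.ROOT);
    }

    // domain\account <-> account@domain; empty when the name carries no domain.
    static Optional<String> alternativeForm(String name) {
        int slash = name.indexOf('\\');
        if (slash > 0 && slash < name.length() - 1) {
            return Optional.of(name.substring(slash + 1) + "@" + name.substring(0, slash));
        }
        int at = name.lastIndexOf('@');
        if (at > 0 && at < name.length() - 1) {
            return Optional.of(name.substring(at + 1) + "\\" + name.substring(0, at));
        }
        return Optional.empty();
    }

    // users: user entries read from shiro.ini, keys already passed through normalize().
    static Optional<String> findRoles(Map<String, String> users, String principal) {
        String key = normalize(principal);
        if (users.containsKey(key)) {
            return Optional.of(users.get(key)); // the form that was typed wins
        }
        // Only fall back to the other notation when the typed form has no entry.
        return alternativeForm(key).filter(users::containsKey).map(users::get);
    }

    public static void main(String[] args) {
        Map<String, String> users = new LinkedHashMap<>(); // constructed sample entries
        users.put(normalize("account@domain"), "admin");
        users.put(normalize("DOMAIN\\operator"), "viewer");
        for (String login : new String[] {"domain\\Account", "operator@Domain", "account"}) {
            System.out.println(login + " -> " + findRoles(users, login).orElse("<no entry>"));
        }
    }
}
```

Because keys are lower-cased when the entries are loaded, two shiro.ini entries that differ only in case collapse into one, so a loader built this way should reject such duplicates rather than let the later entry silently replace the earlier one's roles.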