OpenIDM / OPENIDM-5850

groupRoleMapping in passthrough authentication not working with LDAP

    Details

    • Sprint:
      OpenIDM Sprint 68
    • Story Points:
      2

      Description

      Can't get Roles assigned via groupRoleMappings in passthrough authentication to work.

      Reproduce:
      1.) Set up openidm and opendj with sample 2c
      2.) Run recon of ldap accounts to managed user
      3.) Modify authentication.json: disable managed_user authentication and add passthrough module with grouprolemapping.
      4.) Try to login to admin ui with user jdoe from sample 2c

      The authenticated user does not get roles from grouprolemappings. If logging is turned up to FINEST we see that the groupmembership attribute "ldapGroups" is not requested. Only a suspicious field "/".

      authentication.json snippet:

      {
          "name" : "PASSTHROUGH",
          "properties" : {
              "augmentSecurityContext" : {
                  "type" : "text/javascript",
                  "file" : "auth/populateAsManagedUser.js"
              },
              "queryOnResource" : "system/ldap/account",
              "propertyMapping" : {
                  "authenticationId" : "uid",
                  "groupMembership" : "ldapGroups"
              },
              "groupRoleMapping" : {
                  "openidm-admin" : [
                      "cn=openidm,ou=Groups,dc=example,dc=com"
                  ]
              },
              "managedUserLink" : "systemLdapAccounts_managedUser",
              "defaultUserRoles" : [
                  "openidm-authorized"
              ]
          },
          "enabled" : true
      }
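
An added example, not part of the original report and not OpenIDM's own code: it computes the roles the configuration above should yield for an account object, and flags the case reported here, where the `ldapGroups` attribute is missing from the object. The function names, the DN normalization rule and the sample account objects are assumptions made for illustration.

```javascript
// Added illustration, not OpenIDM source code.
// Module properties copied from the authentication.json snippet in this issue.
const moduleProps = {
  propertyMapping: { authenticationId: "uid", groupMembership: "ldapGroups" },
  groupRoleMapping: {
    "openidm-admin": ["cn=openidm,ou=Groups,dc=example,dc=com"]
  },
  defaultUserRoles: ["openidm-authorized"]
};

// Assumption: DNs match case-insensitively, ignoring spaces around "," and "=".
function normalizeDn(dn) {
  return String(dn).replace(/\s*([,=])\s*/g, "$1").trim().toLowerCase();
}

// Returns the roles the configuration should yield for one account object, and
// whether the group membership attribute was present on that object at all.
function expectedRoles(props, account) {
  const attr = props.propertyMapping.groupMembership;
  const raw = account[attr];
  const attributeFetched = raw !== undefined && raw !== null;
  const groups = new Set([].concat(attributeFetched ? raw : []).map(normalizeDn));
  const roles = new Set(props.defaultUserRoles || []);
  for (const [role, dns] of Object.entries(props.groupRoleMapping || {})) {
    if (dns.some((dn) => groups.has(normalizeDn(dn)))) roles.add(role);
  }
  return { roles: [...roles].sort(), attributeFetched };
}

// Constructed account objects (not captured from a real system).
const withGroups = {
  uid: "jdoe",
  ldapGroups: ["CN=openidm, OU=Groups, DC=example, DC=com"]
};
const withoutGroups = { uid: "jdoe" }; // ldapGroups never requested

console.log(expectedRoles(moduleProps, withGroups));
console.log(expectedRoles(moduleProps, withoutGroups));
```

A result with `attributeFetched: false` and only the default roles corresponds to the symptom described in this issue.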
      

              People

              • Assignee:
                alin Alin Brici
                Reporter:
                mkrenn mkrenn [X] (Inactive)