Rupert,
Rupert Whitefield wrote:
|> Roles (users windows domain groups) are being returned, however the
|> issue is that AD is returning the DN, and not the 'cn'. Have tried
|> various values in the roleName field - but these have no effect.
Are CNs unique? I would be concerned that cn=admin,dc=admins would be
confused with cn=admin,dc=h4x0r5, if someone got ahold of your AD server.
|> I can change the <role-name> definitions in the web.xml files to match
|> what is being returned - but this isn't ideal, and I still have issues
|> with the ',' in the role when using struts.....
Hmm... role-name elements in web.xml must be NMTOKENs, which means:
NameChar ::= Letter | Digit | '.' | '-' | '_' | CombiningChar | Extender
Nmtoken ::= (NameChar)+
(Where 'Letter' and 'Digit' are obvious)
'Extender' includes the '.' character and a bunch of higher-order
UNICODE characters. 'CombiningChar' also includes higher-order UNICODE
characters. I didn't bother looking any of them up, but you can use this
page for reference:
http://www.w3.org/TR/1998/REC-xml-19980210

Perhaps commas are not legal in the role-name in the first place. That
could be a problem :(

-chris
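
The two points raised in this reply, as an added example that is not part of the original message or of Tomcat: checking whether a role string fits the Nmtoken production quoted above, and finding DNs that would collapse onto the same role if only the CN were used. All function names are hypothetical, the character classes are approximated with Unicode general categories, and the third sample DN is constructed.

```python
import unicodedata
from collections import defaultdict

def is_name_char(ch):
    """Approximate the NameChar production as quoted in the message."""
    if ch in ".-_" or ch == "\u00b7":
        return True
    cat = unicodedata.category(ch)
    # Assumption: L* ~ Letter (Lm ~ Extender), M* ~ CombiningChar, Nd ~ Digit.
    return cat[0] in ("L", "M") or cat == "Nd"

def is_nmtoken(value):
    """Nmtoken ::= (NameChar)+, so the empty string is rejected."""
    return len(value) > 0 and all(is_name_char(c) for c in value)

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (hex-pair escapes not decoded)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def leading_cn(dn):
    """Return the value of the first RDN if it is a CN, else None."""
    attr, _, value = split_dn(dn)[0].partition("=")
    return value if attr.strip().lower() == "cn" else None

def cn_collisions(dns):
    """Group DNs by leading CN and keep only CNs shared by more than one DN."""
    by_cn = defaultdict(list)
    for dn in dns:
        by_cn[leading_cn(dn)].append(dn)
    return {cn: group for cn, group in by_cn.items() if cn and len(group) > 1}

# Constructed sample: the two DNs from the message plus one made-up group.
SAMPLE_DNS = ["cn=admin,dc=admins", "cn=admin,dc=h4x0r5", "cn=web-users,dc=admins"]
```

Run over the sample, `is_nmtoken` rejects every full DN because of the `=` and `,` characters, and `cn_collisions` reports `admin` as shared by two different DNs.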