0
votes

I am using the activiti-ldap jar to achieve LDAP in Activiti. I am able to succeed with authentication, but I am not able to perform authorization.

The code uses the filter below to authenticate (it gives a result):

(&(objectClass=person)(objectClass=user)(sAMAccountName=my-name))

The code uses the filter below to authorize (i.e. search for groups based on the authenticated user). The enumeration does not give any result:

(&(objectClass=group)(member=my-distinguised-name))

However, when I use the same group filter in Softerra LDAP Browser, it gives a result.

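NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());

while (namingEnum.hasMore()) {
    // Consume the current entry; without next() the loop never ends once a result exists.
    namingEnum.next();
    System.out.println("Inside While");
}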

I am sure I am missing something. Can anyone point out my mistake?

1 Answer

0
votes

I'm not sure if this answers your question, but something you have to be careful of when using a distinguished name with Active Directory (I am assuming it is Active Directory because there is a sAMAccountName attribute) is commas or other special characters in the DN (an example would be cn=Harley, Gregory). Commas and other special characters need to be escaped with a single backslash ("\"). Softerra may automatically escape these in the query string for you.

Like I said, it may not answer your question, but may give you an avenue to search.

Cheers, Greg