Spring Security
  1. Spring Security
  2. SEC-1182

allow multiple ldap-authentication-provider elements (or allow multiple user search bases)

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 M2
    • Component/s: LDAP
    • Labels:
      None

      Description

      As in the forum posting, but I can't find any ticket that "phamlen" created for this.

      I'm ok with either the complete duplicate element syntax, as in the forum posting, or having just one provider and a list of search bases.

      I'd probably go with the duplicate listing, as that falls in nicely with the other auth providers.

        Activity

        Hide
        Karl Palsson added a comment -

        Patches for trunk and the 2.x branch. Makes "id" an allowed attribute on the ldap-authentication-provider elements, and registers the beans correctly using that ID. Existing auth code was already quite happy to have multiple auth sources. (This could apparently be done using direct bean config, just not using the schema config)

        Show
        Karl Palsson added a comment - Patches for trunk and the 2.x branch. Makes "id" an allowed attribute on the ldap-authentication-provider elements, and registers the beans correctly using that ID. Existing auth code was already quite happy to have multiple auth sources. (This could apparently be done using direct bean config, just not using the schema config)
        Hide
        Luke Taylor added a comment -

        I think this should no longer be required, as of the changes for SEC-1196.

        The global identifier for the LDAP provider no longer exists and all the namespace providers must be registered within the <authentication-manager /> element. The beans will be parsed immediately and added to the provider list. So it should be possible to use multiple LDAP providers (though I haven't tried it yet ).

        Show
        Luke Taylor added a comment - I think this should no longer be required, as of the changes for SEC-1196 . The global identifier for the LDAP provider no longer exists and all the namespace providers must be registered within the <authentication-manager /> element. The beans will be parsed immediately and added to the provider list. So it should be possible to use multiple LDAP providers (though I haven't tried it yet ).
        Hide
        Luke Taylor added a comment -

        I've added a test to check that it is now possible to have two LDAP providers configured within the <authentication-manager> element, so closing the issue.

        Thanks for taking the time to submit a patch though .

        Show
        Luke Taylor added a comment - I've added a test to check that it is now possible to have two LDAP providers configured within the <authentication-manager> element, so closing the issue. Thanks for taking the time to submit a patch though .

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Karl Palsson
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: