Mahesh

Reputation: 1

Check custom LDAP attribute in OpenAM 13

I'm using OpenAM 13 to provide single-sign-on capabilities to a suite of applications. The authentication itself is provided by LDAP, as there is an existing LDAP store used by other applications outside the scope of this single-sign-on.

A custom attribute called userattrib1 has been added to each user's LDAP record. When this attribute is set to 999, the user is not allowed to log onto the single-sign-on; for all other values they are allowed to log on. I realise this is an unusual setup, however this is part of a pre-existing application.

How would I go about configuring OpenAM 13 to support this check? I'd like to avoid performing this check in the end-user applications, as there are several applications I'd have to add the check to.

Upvotes: 0

Views: 192

Answers (1)

Bernhard Thalmayr

Reputation: 2744

If the LDAP auth module is used, you can specify a user search filter to leverage the custom attribute.

However, NOT search filters like

userattrib1 != 999

will typically lead to unindexed searches and cannot really be used; instead you should check how many distinct 'passing' values you have and then use that in a compound filter like

(|(userattrib1=123)(userattrib1=124)(userattrib1=125)(userattrib1=126))

Potentially you can even 'group' the values to use a substring filter like

userattrib1=12*

Depending on the filter used, you need an equality index and/or a substring index configured for the attribute userattrib1.

Upvotes: 0
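As an added example (not code from the question or the answer, and nothing OpenAM ships): a small Python model of the three filter shapes discussed, with RFC 4515 value escaping, run against constructed sample entries (ENTRIES, and all function names, are assumptions for this illustration). Beyond the indexing point, it shows why the allow-list form is safer: the negated filter also matches an entry that has no userattrib1 at all (LDAP evaluates NOT over a schema-defined but absent attribute as TRUE), while the compound equality filter and the substring filter only admit the enumerated values.

```python
import re

ENTRIES = {  # constructed sample entries, not from the question: name -> {attr: [values]}
    "alice": {"userattrib1": ["123"]}, "carol": {"userattrib1": ["124"]},
    "bob": {"userattrib1": ["999"]},  # the user that must be denied
    "dave": {},  # has no userattrib1 at all
}

def escape_value(v: str) -> str:  # RFC 4515: \ * ( ) NUL become \xx in assertion values
    return "".join(c if c not in "\\*()\x00" else "\\%02x" % ord(c) for c in v)

def unescape_value(v: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)

def build_allow_filter(attr: str, passing_values) -> str:
    """Compound equality filter (|(attr=v1)(attr=v2)...) with escaped values."""
    return "(|" + "".join(f"({attr}={escape_value(v)})" for v in passing_values) + ")"

def parse_filter(s: str):
    """Parse the RFC 4515 subset used here: equality, substring (*), &, |, !."""
    def node(i):  # s[i] is '('; returns (tree, index just past the matching ')')
        i += 1
        if s[i] in "&|":
            op, i, items = s[i], i + 1, []
            while s[i] == "(":
                child, i = node(i)
                items.append(child)
            return ("and" if op == "&" else "or", items), i + 1
        if s[i] == "!":
            child, i = node(i + 1)
            return ("not", child), i + 1
        j = s.index(")", i)
        attr, _, value = s[i:j].partition("=")
        return ("sub" if "*" in value else "eq", attr, value), j + 1
    return node(0)[0]

def matches(tree, entry) -> bool:  # evaluate a parsed filter against one entry (exact match)
    kind = tree[0]
    if kind == "and": return all(matches(t, entry) for t in tree[1])
    if kind == "or": return any(matches(t, entry) for t in tree[1])
    if kind == "not": return not matches(tree[1], entry)
    _, attr, raw = tree
    values = entry.get(attr, [])
    if kind == "eq": return unescape_value(raw) in values
    pattern = ".*".join(re.escape(unescape_value(p)) for p in raw.split("*"))
    return any(re.fullmatch(pattern, v) for v in values)

def allowed_users(filter_str: str):  # names the directory would return for this filter
    tree = parse_filter(filter_str)
    return sorted(n for n, e in ENTRIES.items() if matches(tree, e))
```

Real directories apply the attribute's matching rule (often case-insensitive), so treat the exact-match comparison here as a simplification.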
