Roles synchronization from isMemberOf attribute

Hi,

We are using the LDAP add-on and we would like to synchronize roles from LDAP. Is it possible to also fetch operational attributes and synchronize Jmix roles from isMemberOf attributes?

Regards,
Beatrix

Hi,

You can create a bean of type LdapUserAdditionalRoleProvider, with which you can get access to any user attribute from LDAP, e.g. assuming I have an employeeType custom attribute for the LDAP user:

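import io.jmix.ldap.userdetails.LdapUserAdditionalRoleProvider;
import io.jmix.security.authentication.RoleGrantedAuthority;
import io.jmix.security.model.RowLevelRole;
import io.jmix.security.role.RowLevelRoleRepository;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

@Component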
public class AppLdapUserAdditionalRoleProvider implements LdapUserAdditionalRoleProvider {

    private final RowLevelRoleRepository rowLevelRoleRepository;

    public AppLdapUserAdditionalRoleProvider(RowLevelRoleRepository rowLevelRoleRepository) {
        this.rowLevelRoleRepository = rowLevelRoleRepository;
    }

    @Override
    public Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
        String[] roleCodes = user.getStringAttributes("employeeType");
        if (roleCodes == null || roleCodes.length == 0) {
            return Collections.emptySet();
        }

        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
        for (String roleCode : roleCodes) {
            RowLevelRole role = rowLevelRoleRepository.findRoleByCode(roleCode);
            if (role != null) {
                RoleGrantedAuthority authority = RoleGrantedAuthority.ofRowLevelRole(role);
                grantedAuthorities.add(authority);
            }
        }

        return grantedAuthorities;
    }
}

Regards,
Gleb

Hi Gleb,

Thank you for your quick answer.
The problem is that we would need an attribute from the operational attributes, not from the default attributes. Where can we set that we also need the “isMemberOf” attribute (which is an operational attribute)?

Furthermore, we would like to save these roles from the “isMemberOf” attribute to Resource roles if they do not exist yet. Is that possible? Sorry that I wasn’t clear enough in my first question.
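
Values of isMemberOf are group DNs rather than role codes, so they have to be parsed and filtered before a lookup such as the `findRoleByCode` call in the answer above. The following is an added example, not part of the thread or of the Jmix add-on, using only the JDK: it keeps a group only if it sits under a trusted groups subtree and its CN is an already known role code. The class and method names, the base DN, the role codes and the sample values are assumptions, and it presumes the attribute values have already been returned by the directory.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.LinkedHashSet;
import java.util.Set;

public class IsMemberOfRoleCodes {
    // Turns isMemberOf values (group DNs) into role codes, keeping only groups
    // located under groupBase whose CN is listed in allowedRoleCodes.
    static Set<String> toRoleCodes(String[] groupDns, String groupBase,
                                   Set<String> allowedRoleCodes) throws InvalidNameException {
        Set<String> codes = new LinkedHashSet<>();
        if (groupDns == null) {
            return codes; // attribute absent, e.g. operational attribute not requested
        }
        LdapName base = new LdapName(groupBase);
        for (String dn : groupDns) {
            LdapName name;
            try {
                name = new LdapName(dn);
            } catch (InvalidNameException e) {
                continue; // skip malformed values instead of guessing a role
            }
            if (name.size() <= base.size() || !name.startsWith(base)) {
                continue; // group lives outside the trusted subtree
            }
            Rdn leaf = name.getRdn(name.size() - 1); // leftmost RDN, e.g. cn=managers
            if (!"cn".equalsIgnoreCase(leaf.getType())) {
                continue;
            }
            String code = String.valueOf(leaf.getValue());
            if (allowedRoleCodes.contains(code)) {
                codes.add(code); // exact match against an existing role code
            }
        }
        return codes;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] isMemberOf = { // constructed sample values
                "cn=managers,ou=groups,dc=example,dc=com",
                "cn=system-full-access,ou=people,dc=example,dc=com",
                "cn=unknown-team,ou=groups,dc=example,dc=com",
                "not a dn"
        };
        System.out.println(toRoleCodes(isMemberOf, "ou=groups,dc=example,dc=com",
                Set.of("managers", "system-full-access")));
    }
}
```

Only the first sample value passes both checks; matching against existing role codes, rather than creating a role for every group name the directory returns, keeps directory group naming from granting application permissions by itself.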