0

For my application, I need to be able to let users log in via Active Directory. I've configured the LDAP Realm in Glassfish 4, and as long as the users are part of the groups I specify, everything works as it should. But when the user is a member of a nested group, Glassfish doesn't map the groups like it should.

I've been looking for this for quite some time, and I have found that Glassfish isn't ready for nested groups, although those statements come from Glassfish V2 and 3.x.

I can't really find a work-around either.

Erates

Are you using extended AD search filter syntax for nested groups? Like in this post? http://stackoverflow.com/questions/6195812/ldap-nested-group-membership – Dave Bennett Feb 23 '15 at 14:45

1 Answer

0

Microsoft specifies a specific search filter for getting nested groups. The filters I found were only for (nested) members of a specific group, not (nested) groups for a specific user. The group-search-filter I needed to use is this one:

(member:1.2.840.113556.1.4.1941:=%d)

I hope anybody looking for the answer to this problem will find this post. For the other Microsoft Active Directory specific filters, click here.

Erates
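What the filter in the answer changes, shown as an added example that is not part of the original post: a plain (member=%d) filter matches only groups that list the user's DN directly, while the 1.2.840.113556.1.4.1941 matching rule follows the membership chain upward. The directory contents, DNs and function names are constructed for illustration, DNs are compared as exact strings, and the escaping helper shows the RFC 4515 escaping a DN needs when it is substituted for %d.

```python
# Added example with constructed data; no real directory is contacted.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # matching-rule OID from the answer's filter
BASE = "DC=example,DC=test"           # constructed naming context
JANE = f"CN=Jane Doe (Ops),OU=People,{BASE}"
STAFF, APP, ADMINS = (f"CN={n},OU=Groups,{BASE}" for n in ("Staff", "AppUsers", "Admins"))

# Group DN -> direct `member` values. AppUsers and Staff contain each other
# to show that cyclic nesting must not make the walk loop forever.
DIRECTORY = {
    STAFF: [JANE, APP],
    APP: [STAFF],
    ADMINS: [f"CN=Someone Else,OU=People,{BASE}"],
}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_filter(user_dn, in_chain=True):
    """Build the group search filter with the user DN in place of %d."""
    rule = f":{IN_CHAIN}:" if in_chain else ""
    return f"(member{rule}={escape_filter_value(user_dn)})"


def direct_groups(dn):
    """Groups matched by (member=%d): the DN is listed directly."""
    return {group for group, members in DIRECTORY.items() if dn in members}


def groups_in_chain(user_dn):
    """Groups matched by the in-chain rule: direct groups plus every
    group that contains one of them, at any depth."""
    seen, pending = set(), [user_dn]
    while pending:
        for group in direct_groups(pending.pop()) - seen:
            seen.add(group)        # record before queueing so cycles terminate
            pending.append(group)
    return seen


if __name__ == "__main__":
    print(group_filter(JANE))
    print("direct:  ", sorted(direct_groups(JANE)))
    print("in chain:", sorted(groups_in_chain(JANE)))
```

With the plain filter the nested AppUsers group is never mapped to the user, which is the symptom described in the question.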