[Deploying Sakai] Filter in jldap directory provider
Grossman,John E
john.grossman at mdanderson.org
Tue Jan 19 14:56:11 PST 2010
Is there a way to specify an LDAP search filter in the jldap-beans.xml without having to modify Java code?
Our Active Directory tree looks something like this:
DC=mdanderson,DC=edu
    OU=People
        OU=Archive
        OU=Dept01
        OU=Dept02
        ...
        OU=Dept20
I need to start searching at OU=People because a current user can be in any of the department branches. Unfortunately, the same person sometimes shows up in both Archive and DeptX with the same email. For instance Jane Jones with user id jjones married and changed her name to Jane Smith with user id jsmith but kept her jjones email address. When the directory provider code looks up jjones at mdanderson.edu, it finds her in the archive branch before it finds her current record in Dept02. She gets enrolled as jjones when she should be enrolled as jsmith. Jjones is a dead account so she can't log in.
I'd like for the provider to use a filter like (&(mail=jjones at mdanderson.org)(!(accountExpires=0))) or an approach that would eliminate the Archive branch from the search.
BTW - I know the person could be enrolled correctly by searching on her user id jsmith, but instructors often prefer to enter students by email address.
John Grossman
The University of Texas M. D. Anderson Cancer Center
john.grossman at mdanderson.org