users@glassfish.java.net

Re: LDAP Nested Groups

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Tue, 22 Nov 2011 13:37:57 +0530

If you think the filters specified are correct, you may want to look at LDAPRealm.java and see if there is a bug. Or please file a bug and let us know how we can reproduce it.

On 21-Nov-2011, at 9:25 PM, forums_at_java.net wrote:

> We are looking to port an existing Java application from WebSphere 7 to
> GlassFish and have discovered an issue with nested groups.
>
> We have setup our realms and have got security working with specified users
> and with single tier groups, however are struggling to get nested groups
> working. Please find below one of our realm configs.
>
> <auth-realm name="ACL-AD" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
>   <property name="search-bind-dn" value="CN=websphere admin,OU=ACL Users,DC=ACL,DC=MANCS"></property>
>   <property name="search-bind-password" value="*******"></property>
>   <property name="search-filter" value="(&amp;(objectCategory=person)(objectClass=user)(sAMAccountName=%s))"></property>
>   <property name="group-search-filter" value="(&amp;(objectCategory=group)(member=%d))"></property>
>   <property name="jaas-context" value="ldapRealm"></property>
>   <property name="base-dn" value="OU=ACL Users,DC=ACL,DC=MANCS"></property>
>   <property name="directory" value="ldap://*.*.*.*:389"></property>
> </auth-realm>
>
> We have tried this configuration with both Active Directory and Apache
> Directory Server so we are pretty sure it isn't an issue with our directory
> config.
>
> Thanks in advance for your help.
>
> --
>
> [Message sent by forum member 'kytie']
>
> View Post: http://forums.java.net/node/866269
>
>
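
Added example, not part of the original thread and not GlassFish code: a filter of the form (member=%d), evaluated once with the user's DN, matches only groups that list that DN directly, so resolving nested groups means repeating the search with each group DN found. The directory contents, the user and group names, and the simplified DN comparison are constructed for illustration; only the base DN and the filter shape come from the config quoted above.

```python
from collections import deque

BASE = "OU=ACL Users,DC=ACL,DC=MANCS"  # base-dn from the realm config above

# Constructed sample directory (not from the original post):
# group DN -> values of its "member" attribute. AllStaff is also a member
# of Developers, which makes the nesting circular.
DIRECTORY = {
    f"CN=Developers,{BASE}": [f"CN=jsmith,{BASE}", f"CN=AllStaff,{BASE}"],
    f"CN=AppUsers,{BASE}": [f"cn=developers, {BASE}"],
    f"CN=AllStaff,{BASE}": [f"CN=AppUsers,{BASE}"],
    f"CN=Auditors,{BASE}": [f"CN=akhan,{BASE}"],
}

def norm_dn(dn):
    """Simplified DN comparison key: case-insensitive, no space around commas.
    Assumption: the sample DNs contain no escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def direct_groups(directory, dn):
    """Emulate one search with (member=%d): groups that list dn as a member."""
    wanted = norm_dn(dn)
    return sorted(g for g, members in directory.items()
                  if wanted in {norm_dn(m) for m in members})

def nested_groups(directory, user_dn):
    """Repeat the same search for every group found, breadth-first.
    The seen set stops circular memberships from looping forever."""
    seen, result, queue = set(), [], deque([user_dn])
    while queue:
        for group in direct_groups(directory, queue.popleft()):
            key = norm_dn(group)
            if key not in seen:
                seen.add(key)
                result.append(group)
                queue.append(group)
    return result

def cn(dn):
    """Return the value of the leading RDN, e.g. 'Developers'."""
    return dn.split(",")[0].split("=", 1)[1]

if __name__ == "__main__":
    user = f"CN=jsmith,{BASE}"
    print("single search:", [cn(g) for g in direct_groups(DIRECTORY, user)])
    print("with nesting: ", [cn(g) for g in nested_groups(DIRECTORY, user)])
```

Active Directory can perform this expansion on the server with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941); Apache Directory Server does not implement that rule, and the thread does not say whether LDAPRealm would pass such a filter through unchanged.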