I am using org.apache.shiro.realm.ldap.DefaultLdapRealm to authenticate against LDAP (using ldap://ldap.forumsys.com:389/dc=example,dc=com as an example).
However, when I try to check for Roles it always fails. It turns out that the DefaultLdapRealm returns null when searching for groups.
```java
/**
 * Method that should be implemented by subclasses to build an
 * {@link AuthorizationInfo} object by querying the LDAP context for the
 * specified principal.</p>
 *
 * @param principals the principals of the Subject whose AuthenticationInfo should be queried from the LDAP server.
 * @param ldapContextFactory factory used to retrieve LDAP connections.
 * @return an {@link AuthorizationInfo} instance containing information retrieved from the LDAP server.
 * @throws NamingException if any LDAP errors occur during the search.
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    return null;
}
```
There is a similar question from 2012; however, it looks like a copy of the code from the ActiveDirectoryRealm.
Does everyone who wants to use LDAP with groups using Shiro have to write a custom Realm?
Couldn't the DefaultLdapRealm take a property that configures the search filter for groups but doesn't require extra code (like the userDNTemplate is used for login)?
Does such a Realm already exist in a Maven dependency?
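
A subclass that overrides the `queryForAuthorizationInfo` hook quoted in the question, shown as an added example that is not part of the original post and is not code shipped with Shiro. The class name `GroupLdapRealm`, its three properties and their defaults (`groupOfUniqueNames`, `uniqueMember`, `cn`) are assumptions to adjust to the directory's schema, and the system (or anonymous) bind is assumed to be allowed to read group entries.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.DefaultLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical subclass: each matching group entry becomes a Shiro role name.
public class GroupLdapRealm extends DefaultLdapRealm {
    // Assumed defaults; the search base is relative to the base DN in the LDAP URL.
    private String groupSearchBase = "";
    private String groupSearchFilter = "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))";
    private String groupNameAttribute = "cn";
    public void setGroupSearchBase(String v) { this.groupSearchBase = v; }
    public void setGroupSearchFilter(String v) { this.groupSearchFilter = v; }
    public void setGroupNameAttribute(String v) { this.groupNameAttribute = v; }

    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
            LdapContextFactory ldapContextFactory) throws NamingException {
        // Same DN the realm binds with at login (built from userDnTemplate).
        String userDn = getUserDn(String.valueOf(getAvailablePrincipal(principals)));
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { groupNameAttribute });
        Set<String> roles = new LinkedHashSet<>();
        LdapContext ctx = ldapContextFactory.getSystemLdapContext();
        try {
            // The DN is passed as a filter argument so JNDI escapes it; characters
            // such as '*' or '(' in a principal cannot change the filter.
            NamingEnumeration<SearchResult> results = ctx.search(
                    groupSearchBase, groupSearchFilter, new Object[] { userDn }, controls);
            while (results.hasMore()) {
                Attribute name = results.next().getAttributes().get(groupNameAttribute);
                if (name != null) { roles.add(String.valueOf(name.get())); }
            }
        } finally {
            LdapUtils.closeContext(ctx);
        }
        return new SimpleAuthorizationInfo(roles);
    }
}
```

Because the three settings are plain bean properties, they can be set in the Shiro configuration the same way as `userDnTemplate`, without further code.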