Tagged: ,

This topic has 1 reply, 2 voices, and was last updated 5 months ago by Ludo.

  • Author
    Posts
  • #28532

    Morning,
    I am trying to work out how to create alias entries within FRDS.
    Here is my use case. I have a user who has multiple Roles within an organisation with each role being given different roles. i.e John uid=john
    – in his Case Manager Role has the roles A and B
    – in his Reviewer Role has the roles B ad C

    I thought I could create an 2 Alias entries uid=john_casemanager and uid=john_reviewer and then add the appropriate uniquemember attributes to groups A, B and C. This way in FRAM I could create an Authentication Tree that would first look for uid=john and authenticate them, then get an roleAliases attribute that would contain Case Manager and Reviewer to allow the user to select the correct Role they need today. Then I could lookup and set the FRAM Profile to use the alias requested and that entry would have all the attributes of uid=john, whilst being uid=john_casemanager to find the correct roles (frds groups).

    However it looks like the alias objectclass is not de-referencing the requested entry when an alias request is being made and reading the document it looks like it is not supported.

    Has anybody found a way to make this work?

    I could try and make FRIM create multiple entries and try and keep the profiles in sync, but that feels like a messy solution. Trying to keep multiple groups in sync with FRIM also feels messy, so the alias approach seemed to be the way to go.

    Regards
    Nicholas Irving

    #28543
     Ludo
    Moderator

    Hi,

    OpenDJ, like OpenDS, does support defining aliases, but doesn’t support alias dereferencing. It has always been mentioned in the known limitations.
    Alias dereferencing seems like a nice feature, but adds a lot of complexity to the server’s query processing, especially around index processing and access controls. As it’s very rarely used, we’ve chosen not to clutter the server with it.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?