To start with, I would like to mention that this post is related to the following post:
https://communities.ca.com/message/241805210
To get LDAP authentication working, I added the following entries to the distributed.properties file:
use.general.ldap.authentication=true
use.general.ldap.url=ldap://ipaddress:389
use.general.ldap.user.fqdn=uid=admin,o=techmahindra
use.general.ldap.user.password=xxxxx
I also added the following to the applicationContext-acegi-security.xml file:
<b:bean id="ldapAuthProvider"
        class="com.nolio.platform.server.dataservices.services.auth.providers.NolioLdapAuthenticationProvider">
    <b:constructor-arg>
        <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <b:constructor-arg ref="ldapSecurityContextSource"/>
            <b:property name="userDnPatterns">
                <b:list>
                    <b:value>uid={0},ou=devops,o=techmahindra</b:value>
                    <b:value>memberOf=cn=cara-users,ou=groups,ou=devops,o=techmahindra</b:value>
                </b:list>
            </b:property>
        </b:bean>
    </b:constructor-arg>
The above piece of code is not working as expected: all the users registered in the LDAP are able to log in to the CA Release Automation web application, irrespective of whether the user is part of the aforementioned "cara-users" group or not. (This means that the above-mentioned entry memberOf=cn=cara-users,ou=groups,ou=devops,o=techmahindra is not taking effect.) I would like to change the settings so that only members of the "cara-users" group are able to log in to the CA Release Automation web application.
I am not sure how to do that, even after trying out various options. Your input is really appreciated.
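
Added example (not part of the original post, and not CA's own configuration): Spring Security's BindAuthenticator treats every userDnPatterns value as a DN template to attempt a bind with, so the memberOf=... entry is only a second candidate DN and never acts as a group restriction. The sketch below moves the group condition into an LDAP search filter using Spring Security's FilterBasedLdapUserSearch; it assumes the directory populates memberOf on user entries and that NolioLdapAuthenticationProvider accepts a BindAuthenticator configured with userSearch.

```xml
<!-- Added example: group-restricted bind authentication (assumptions noted inline). -->
<b:bean id="ldapAuthProvider"
        class="com.nolio.platform.server.dataservices.services.auth.providers.NolioLdapAuthenticationProvider">
    <b:constructor-arg>
        <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <b:constructor-arg ref="ldapSecurityContextSource"/>

            <!-- BEFORE (from the post). Each value is expanded with the login name
                 and tried as a bind DN; the first one that binds wins. The first
                 pattern matches any user under ou=devops, so group membership is
                 never evaluated:
            <b:property name="userDnPatterns">
                <b:list>
                    <b:value>uid={0},ou=devops,o=techmahindra</b:value>
                    <b:value>memberOf=cn=cara-users,ou=groups,ou=devops,o=techmahindra</b:value>
                </b:list>
            </b:property>
            -->

            <!-- AFTER. The user entry is located by search first, and the filter
                 only matches entries that carry the cara-users memberOf value.
                 A user outside the group is not found, so no bind is attempted.
                 userDnPatterns must stay removed: when both are set, the DN
                 patterns are tried before the search. -->
            <b:property name="userSearch">
                <b:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <!-- search base: users sit directly under this entry -->
                    <b:constructor-arg index="0" value="ou=devops,o=techmahindra"/>
                    <!-- search filter; {0} is the login name. Assumes the server
                         maintains memberOf on user entries. -->
                    <b:constructor-arg index="1"
                        value="(&amp;(uid={0})(memberOf=cn=cara-users,ou=groups,ou=devops,o=techmahindra))"/>
                    <b:constructor-arg index="2" ref="ldapSecurityContextSource"/>
                </b:bean>
            </b:property>
        </b:bean>
    </b:constructor-arg>
    <!-- Any further constructor arguments or properties of this bean are not
         shown in the post and stay as they are in the product's file. -->
</b:bean>
```

If the directory does not expose memberOf on user entries, this filter matches nobody and all logins fail, which is a quick way to confirm whether the attribute is available.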