What needs fixing (summarizing results of discussion from issue #3128):
1) Make the groupname validation actually match what acegi will do when finding
roles at login time.. check the acegi settings if possible to see what prefix
and case should be used.
2) Improve the documentation so people know to enter the prefix and use
uppercase, and maybe a mention of how to change this behavior. Probably we
won't change these defaults so we don't break installs of people already using
the prefix and caps.
morlach01 wrote:
It is in the last 2 properties acegi uses in the default bean config.
<bean id="ldapAuthoritiesPopulator"
class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
<constructor-arg><value>ou=groups</value></constructor-arg>
<property name="groupRoleAttribute"><value>ou</value></property>
<!-- the following properties are shown with their default values -->
<property name="searchSubTree"><value>false</value></property>
<property name="rolePrefix"><value>ROLE_</value></property>
<property name="convertToUpperCase"><value>true</value></property>
</bean>
add "LDAP" and "ROLE_" in summary