Comment: Intermediate save

...

Behavior for Accounts with Differing Passwords

...

Important

The following points apply to a multi-realm environment in which one of the realms is the iniRealm and the user accounts have a common name but different passwords:

...

When the SOS Authenticator is used with the First Successful strategy:

  • If the authorization occurs through the ini realm then the user account will only be assigned the roles specified for the ini realm. The LDAP realm(s) will be ignored.
  • If the authorization occurs through an LDAP realm then, regardless of whether or not the same password is used in each realm:
    • The user account will be assigned the role(s) specified for the account in the (first) authorizing realm.
    • The user account will also be assigned the role(s) specified for the account in the ini realm.
      • This behavior ensures that a login is possible in the event of problems with the LDAP realm(s).
    • The order in which the realms are specified in the securityManager.realms parameter is not significant here.
    • The ldap.roleAssignmentFromIni=false setting (default true) can be used to modify the behavior of the First Successful strategy so that roles from the ini realm are not assigned.
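
The role assignment rules above, modelled as an added example (not SOS code and not part of the original page): it computes the roles an account receives under the First Successful strategy and lists accounts that gain ini realm roles on an LDAP login. Realm, account and role names are constructed, and the `role_assignment_from_ini` argument stands in for the ldap.roleAssignmentFromIni setting.

```python
"""Model of the role assignment described above for the First Successful
strategy. Constructed illustration; not SOS JobScheduler code."""

INI = "ini"  # name used here for the ini realm (assumption)


def effective_roles(account, authorizing_realm, realm_roles,
                    role_assignment_from_ini=True):
    """Return the roles an account ends up with.

    realm_roles: {realm_name: {account: set_of_roles}} (constructed shape).
    authorizing_realm: the realm that accepted the login.
    role_assignment_from_ini: models ldap.roleAssignmentFromIni (default true).
    """
    roles = set(realm_roles.get(authorizing_realm, {}).get(account, ()))
    if authorizing_realm == INI:
        # Login through the ini realm: the LDAP realm(s) are ignored.
        return roles
    if role_assignment_from_ini:
        # Login through LDAP: ini realm roles are added as well, whether or
        # not the passwords match and whatever the realm order is.
        roles |= set(realm_roles.get(INI, {}).get(account, ()))
    return roles


def audit_inherited_roles(realm_roles, role_assignment_from_ini=True):
    """List (account, ldap_realm, extra_roles) where an LDAP login gains
    roles that only the ini realm grants to that account."""
    findings = []
    for realm, accounts in realm_roles.items():
        if realm == INI:
            continue
        for account, ldap_roles in accounts.items():
            got = effective_roles(account, realm, realm_roles,
                                  role_assignment_from_ini)
            extra = got - set(ldap_roles)
            if extra:
                findings.append((account, realm, sorted(extra)))
    return sorted(findings)


# Constructed sample data: account and role names are hypothetical.
SAMPLE = {
    "ini": {"root": {"all"}, "alice": {"administrator"}},
    "ldap": {"alice": {"business_user"}, "bob": {"it_operator"}},
}

if __name__ == "__main__":
    print(audit_inherited_roles(SAMPLE))         # default: ini roles merged
    print(audit_inherited_roles(SAMPLE, False))  # ini roles not assigned
```

Accounts reported by the audit are the ones to review when the ini realm is kept only as a fallback for LDAP outages.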

...

B) When using the At Least One Successful strategy:

  • ...

C) When using the All Successful strategy:

...
