Hi Dimuthu:

Content for MembershipAttribute should be fully qualified. I'll explain:
I have a "username" user in
cn=username, ou=users, o=base

and groups in
cn=certaingroup, ou=groups, o=base

and every group has a "member" attribute for every one of its members. This way, if "username" is part of "certaingroup" group, then the "certaingroup" has a member attribute with this value:

attribute: member
value: cn=username, ou=users, o=base

Is this right, or should the value be only
value: username
?




On 22/03/2011 9:16, Dimuthu Leelarathne wrote:
Hi,

Please see my comments inline.

2011/3/22 Roberto Mier Escandón <[email protected]>

    Hi
    I have a little problem. I configured WSO2 Governance Registry to
    take users and roles from an external LDAP. Both of them are listed
    in the management console under the "Users and Roles" option. I also
    configured UserStoreManager to set a certain LDAP attribute as
    "member" to establish a relationship between a user and its roles
    (this relationship is valid). I can set permissions for any role.
    But these permissions are not taken into account by Governance
    Registry. On the other hand, if I create a new role and set the same
    permissions on it, it works!!!
    It seems as if external role permissions were not taken into account
    and I needed to create an internal role instead. This does not seem
    logical. Where am I wrong? Are external roles working properly
    in Governance Registry?


I checked the same scenario on Greg 3.5.0 version and it works fine for me when I tested with ApacheDS. One place that can go wrong is the relationship between users and roles. Did you set the following property in user-mgt.xml correctly?

<Property name="MembershipAttribute">uniqueMember</Property>

If you have set this property correctly, I would like to know your LDAP flavour, so that we can investigate this problem more thoroughly.

Thanks,
Dimuthu

    I use version 3.5.0

    Thank you.

--
    Roberto Mier Escandón.

    _______________________________________________
    Carbon-dev mailing list
    [email protected] <mailto:[email protected]>
    http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev




--

Roberto Mier Escandón.
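
The following is an added example, not part of the original thread and not WSO2 code: a small offline check of why an external role can appear in a listing yet never apply to a user. It assumes the role lookup compares the user's full DN against the values of the configured membership attribute; the sample directory is constructed, and the function names `normalize_dn`, `roles_for` and `audit` are hypothetical.

```python
import re

# Constructed sample directory (group DN -> attributes); not data from the thread.
GROUPS = {
    "cn=certaingroup,ou=groups,o=base": {"member": ["cn=username, ou=users, o=base"]},
    "cn=legacygroup,ou=groups,o=base": {"member": ["username"]},
    "cn=uniquegroup,ou=groups,o=base": {"uniqueMember": ["CN=username,OU=users,O=base"]},
}

def normalize_dn(dn):
    """Simplified DN normalisation: split on unescaped commas, trim, lowercase.

    Assumption: all attributes involved use case-insensitive matching (as cn does).
    """
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def roles_for(user_dn, membership_attribute, groups=GROUPS):
    """Return groups whose membership attribute contains the user's full DN."""
    wanted = normalize_dn(user_dn)
    return sorted(
        group for group, attrs in groups.items()
        if any(normalize_dn(v) == wanted for v in attrs.get(membership_attribute, []))
    )

def audit(membership_attribute, groups=GROUPS):
    """Flag groups that can never match under the configured attribute."""
    findings = {}
    for group, attrs in groups.items():
        values = attrs.get(membership_attribute)
        if not values:
            findings[group] = "attribute missing"
        elif any("=" not in v for v in values):
            findings[group] = "bare name, not a DN"
    return findings

if __name__ == "__main__":
    user = "cn=username,ou=users,o=base"
    for attribute in ("member", "uniqueMember"):
        print(attribute, roles_for(user, attribute), audit(attribute))
```

Running the audit with the same attribute name that is set in `MembershipAttribute` shows which groups would silently contribute no roles, which is the symptom described above.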
