Bah! Never mind, it works. I didn't have the correct ROLE_EMPLOYEE info configured in the right entries in mh_default_org.xml. Works brilliantly when you do it right.

Thanks,
Matt

----- Original Message -----
From: "Matt Mencel" <[email protected]>
To: "Matterhorn Users" <[email protected]>
Sent: Wednesday, January 11, 2012 4:58:59 PM
Subject: [Matterhorn-users] Troubleshooting LDAP

I've got my matterhorn server configured with CAS and LDAP. CAS authentication works fine... LDAP seems to be the issue.

This is configured...

org.opencastproject.userdirectory.ldap.roleattributes.1=objectClass

One of my objectClasses is "employee" so I'm assuming I can use ROLE_EMPLOYEE in security/mh_default_org.xml like this...

<!-- Secure the management URLs for admins only -->
<sec:intercept-url pattern='/services/*' access='ROLE_ADMIN, ROLE_EMPLOYEE' />
<sec:intercept-url pattern='/system/**' access='ROLE_ADMIN, ROLE_EMPLOYEE' />

But when I log in to matterhorn I'm not allowed to view those pages. I get an "Access is denied" error.

I see in my LDAP logs that the bind is coming through, searching for the correct user, and returning attributes... I don't know though what matterhorn is doing once it gets that query back, or why it's telling me "Access is denied" when my user account has objectClass=employee in LDAP. I can't even get to the /info/me.json page.

Matt
_______________________________________________
Matterhorn-users mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn-users
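
A way to check offline which intercept-url entry decides a given path for a user with a given set of LDAP attribute values, as an added example that is not part of the original thread or of Matterhorn's code. It assumes roles are derived as "ROLE_" plus the upper-cased attribute value and that the first matching pattern wins; the catch-all rule, the sample values and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed sample: the two rules quoted in the thread, plus a hypothetical
# admin-only catch-all standing in for the rest of the file.
SAMPLE_XML = f"""<beans xmlns:sec="{SEC_NS}">
  <sec:http>
    <sec:intercept-url pattern='/services/*' access='ROLE_ADMIN, ROLE_EMPLOYEE' />
    <sec:intercept-url pattern='/system/**' access='ROLE_ADMIN, ROLE_EMPLOYEE' />
    <sec:intercept-url pattern='/**' access='ROLE_ADMIN' />
  </sec:http>
</beans>"""

def roles_from_ldap(values):
    """Assumed mapping: 'ROLE_' plus the upper-cased attribute value."""
    return {"ROLE_" + v.strip().upper() for v in values}

def ant_to_regex(pattern):
    """Simplified Ant matching: '**' crosses '/', '*' and '?' do not."""
    parts = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    tokens = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(parts.get(t, re.escape(t)) for t in tokens) + r"\Z")

def load_rules(xml_text):
    """Return [(pattern, required_roles)] in document order."""
    root = ET.fromstring(xml_text)
    return [(el.get("pattern"), {r.strip() for r in el.get("access").split(",")})
            for el in root.iter(f"{{{SEC_NS}}}intercept-url")]

def decide(rules, path, roles):
    """First matching rule wins; (None, None) if no rule matches the path."""
    for pattern, required in rules:
        if ant_to_regex(pattern).match(path):
            return pattern, bool(roles & required)
    return None, None

if __name__ == "__main__":
    rules = load_rules(SAMPLE_XML)
    roles = roles_from_ldap(["top", "person", "employee"])  # constructed values
    for path in ["/services/services.json", "/services/a/b",
                 "/system/a/b", "/info/me.json"]:
        print(path, decide(rules, path, roles))
```

Running it against the real file shows every path that a role such as ROLE_EMPLOYEE opens up, and that '/services/*' covers only one path segment while '/system/**' covers the whole subtree.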
