Reza,
What does this look like in your mh_default_org.xml file?
<!-- Enable anonymous access to the /info/me.json resource -->
<sec:intercept-url pattern='/info/me.json' method="GET"
access='ROLE_ANONYMOUS, ROLE_USER' />
It should have anonymous access. Can you get to that URL and does it show any
attributes coming from your LDAP? I added the ROLE I was expecting back from
LDAP (ROLE_EMPLOYEE) to that pattern and saw what I was looking for.
What attribute values are you expecting from LDAP? What value is in this key
in the
factories/org.opencastproject.userdirectory.ldap.LdapUserProvider.properties
file?
org.opencastproject.userdirectory.ldap.roleattributes.1=SOMETHING
Matt
----- Original Message -----
From: "VISIONAIRE-Reza Toghraee" <[email protected]>
To: "Matterhorn Users" <[email protected]>
Sent: Tuesday, January 17, 2012 1:42:08 PM
Subject: Re: [Matterhorn-users] Troubleshooting LDAP
Matt
Explain your setup? Can you please share your mh_default_org.xml file?
I want it bad!
Thanks
Reza
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Matt
Mencel
Sent: Tuesday, January 17, 2012 10:09 PM
To: Matterhorn Users
Subject: Re: [Matterhorn-users] Troubleshooting LDAP
Bah! Never mind, it works. I didn't have the correct ROLE_EMPLOYEE info
configured in the right entries in mh_default_org.xml. Works brilliantly
when you do it right.
Thanks,
Matt
----- Original Message -----
From: "Matt Mencel" <[email protected]>
To: "Matterhorn Users" <[email protected]>
Sent: Wednesday, January 11, 2012 4:58:59 PM
Subject: [Matterhorn-users] Troubleshooting LDAP
I've got my Matterhorn server configured with CAS and LDAP. CAS
authentication works fine... LDAP seems to be the issue.
This is configured...
org.opencastproject.userdirectory.ldap.roleattributes.1=objectClass
One of my objectClasses is "employee" so I'm assuming I can use
ROLE_EMPLOYEE in security/mh_default_org.xml like this...
<!-- Secure the management URLs for admins only -->
<sec:intercept-url pattern='/services/*' access='ROLE_ADMIN,
ROLE_EMPLOYEE' />
<sec:intercept-url pattern='/system/**' access='ROLE_ADMIN,
ROLE_EMPLOYEE' />
But when I log in to Matterhorn I'm not allowed to view those pages. I get
an "Access is denied" error.
I see in my LDAP logs that the bind is coming through, searching for the
correct user, and returning attributes... I don't know, though, what
Matterhorn is doing once it gets that query back, or why it's telling me
"Access is denied" when my user account has objectClass=employee in LDAP. I
can't even get to the /info/me.json page.
Matt
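Added example, not part of the original thread and not Matterhorn code: a small offline checker that evaluates intercept-url rules like the ones quoted above against the roles a user would get from LDAP, to see which rule decides a request. The config is a constructed sample, the Ant matcher is simplified, and the "ROLE_" + uppercased attribute value mapping is the assumption made in the thread; no other roles (such as ROLE_USER) are assumed to be granted.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed sample, modeled on the rules quoted in this thread.
CONFIG = """<beans xmlns:sec="http://www.springframework.org/schema/security">
  <sec:intercept-url pattern='/info/me.json' method="GET" access='ROLE_ANONYMOUS, ROLE_USER' />
  <sec:intercept-url pattern='/services/*' access='ROLE_ADMIN, ROLE_EMPLOYEE' />
  <sec:intercept-url pattern='/system/**' access='ROLE_ADMIN, ROLE_EMPLOYEE' />
</beans>"""

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' crosses '/', '*' and '?' do not."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def roles_from_ldap(values):
    """Assumed mapping (from the thread): 'employee' -> 'ROLE_EMPLOYEE'."""
    return {"ROLE_" + v.upper() for v in values}

def load_rules(xml_text):
    """Collect (pattern, method, allowed roles) in declaration order."""
    rules = []
    for el in ET.fromstring(xml_text).iter("{%s}intercept-url" % SEC_NS):
        access = {r.strip() for r in el.get("access", "").split(",") if r.strip()}
        rules.append((el.get("pattern"), el.get("method"), access))
    return rules

def decide(rules, roles, path, method="GET"):
    """Return (allowed, matching pattern); the first matching rule wins."""
    for pattern, rule_method, access in rules:
        if rule_method in (None, method) and ant_to_regex(pattern).match(path):
            return bool(access & roles), pattern
    return None, None  # no rule in this file covers the request

if __name__ == "__main__":
    rules = load_rules(CONFIG)
    roles = roles_from_ldap(["top", "person", "employee"])  # constructed objectClass values
    for path in ("/info/me.json", "/services/foo", "/services/a/b", "/system/a/b"):
        print(path, decide(rules, roles, path))
```

With only LDAP-derived roles, /info/me.json is denied until a matching role is listed on that pattern, and '/services/*' does not cover nested paths the way '/system/**' does.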
_______________________________________________
Matterhorn-users mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn-users