Richard Unger <[EMAIL PROTECTED]> writes: > Quoting Martin Holz <[EMAIL PROTECTED]>: > > > Hello Martin, > > > > "Martin Dulisch" <[EMAIL PROTECTED]> writes: > > > > > > > Is it possible to create Groups via the WebDAV interface? > > > > I'd like to > > > > > create a User Group and add/link users to it. K.C. > > > > > > > > I think, there are no utility methods for doing this, but groups are > > > > normal resources with certain properties, which can be created > > > > using propatch. > > > > > > > > > > Martin, are you sure? Have you tried this? Principal resources are created > > > from the referenced user database (e.g. LDAP). Whe you create a principal > > > resource it has to be written to the user database too. I have never > > heared > > > that this is possible. > > > > No, I did not try it. If and what is possible depends on the exact setup. > > Slide gets the user from the servlet container. However to conform to the acl > > > > specs, the user database must be mapped also to webdav resources at /users. > > Usually you configure the container so, that every known user get access to > > the slide servlet at container level. Slide will take care for a more > > fine grained access control. > > You can not add users to slide using the webdav API, unless the underlying > > store (or a interceptor) forwards changes to the user database used by the > > servlet container (e.g. the slide realm). > > > > AFAIK, however, slide does not map the users to /users, but actually requires > you to create them as resources. I think this is a problem, and slide should be > mapping them for the container actually storing the users, rather than storing > them again as resources.
No, slide does not map the users from the servlet container automatically to a webdav resource. AFAIK, this can't be done in a portable way, since the Servlet API does not expose a list of existing users to the servlet. However it can be done in a container/user database specfic way. I do it for my setup and I assume, that everybody, who need suffistcated authorization will have do it. Basically there are two strategies to make the servlets user database available to slide. 1) Write a custom store, which maps the user database to slide. 2) Copy the content of the user database to slide using webdav. This can be done either in a batch job or by trigger which is called whenever the user database changes. > Last time I looked into it, users and groups could be allocated for slide simply > by creating these resources and associated properties, using standard webdav > methods. > > Note that AFAIK this goes well beyond the spec, which only requires that the > users be mapped to a portion of the webdav namespace, visible to users with > sufficient priveleges, but not writeable. Btw. what is the best way to write a readonly store in slide? > > However Slide does not get the roles from the servlet container. The groups > > live > > only in the repository. So I see no reason, you could not manipulate them > > using > > webdav PROPATCH. No changes to the user database are required. > > > > The roles are hard-wired into slide as classes, a design I do not understand at all. I think, this changed recently. Roles are not longer supported in slide at all, only groups. I was talking about the mapping from servlet roles to slide groups. > The short and long of it is that there is currently no good way to allocate > users for slide. I am afraid you are right. > If using the SlideRealm you can create users using webdav > methods, if you know what you are doing. If using container based authentication > and a different user provider you will have to allocate the users on slide and > on the other database seperately. ... or write a custom store, which interacts with you user database. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
