Hi Stefan,
 
I think the principal part should be fine because I've defined the user in the LDAP server.
I've tried shutting down the LDAP server, and during Slide init time an error is 
reported:
 
21 Oct 2004 10:13:15 - org.apache.slide.store.txjndi.JNDIPrincipalStore - CRITICAL - JNDIPrincipalStore[/users]: Error Connecting to LDAP Server
javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

And when I start the LDAP server, the log will say:
21 Oct 2004 10:17:43 - org.apache.slide.common.XMLUnmarshaller - INFO - Loading object /users
21 Oct 2004 10:17:43 - org.apache.commons.transaction.file.FileResourceManager - INFO - Starting RM at 'roles/store/metadata' / 'roles/work/metadata'
21 Oct 2004 10:17:43 - org.apache.commons.transaction.file.FileResourceManager - INFO - Started RM
21 Oct 2004 10:17:43 - org.apache.slide.common.XMLUnmarshaller - INFO - Object already exists at /users

So I think Slide should have already read the user info from the LDAP server 
successfully. The problem might be in the part that maps that info to the role
info, I guess. Do you have a running server which has a similar configuration, combining
an LDAP store and a JDBC store? If so, could you show me the Domain.xml as a sample
and tell me how you create the users in the LDAP server? Thank you very much.
 
regards,
 
Jun

Stefan Fromm <[EMAIL PROTECTED]> wrote:
Hi Jun,

The only strange thing in your configuration is the principal 
"cn=Manager,dc=jgao,dc=com". I do not know if you can connect to the ldap server with 
a user like this. Because you wrote that e.g. the admin has the name 
"[EMAIL PROTECTED]". I would expect something like [EMAIL PROTECTED]

Regards,
Stefan


On Tue, 19 Oct 2004 23:16:54 -0700 (PDT), Gao Jun wrote:

> Hi Stefan,
>
> Thanks for your reply. But I still can't find out the problem.
>
> In my Domain.xml, I have:
>
> ou=People,dc=jgao,dc=com
> uid
> (objectClass=person)
> ONELEVEL_SCOPE
> ldap://localhost:389
> com.sun.jndi.ldap.LdapCtxFactory
> cn=Manager,dc=jgao,dc=com
> simple
> Manager
>
> 15
> 800
> 15000
>
> Then in my ldap server, I do have the user
> [EMAIL PROTECTED]
> defined under "ou=People,dc=jgao,dc=com".
>
> In Domain.xml, I have:
>
> /users/[EMAIL PROTECTED]>
>
> And I checked the DB and found it has been saved to the table properties successfully.
>
> And for the root node, I have defined in Domain.xml:
>
> ........
>
> But when I try to log in, I still get the forbidden error:
>
> org.apache.slide.webdav.WebdavException: Forbidden
>
> Can you see any problem in the configuration? Thanks.
>
> regards,
>
> Jun
>
> Stefan Fromm wrote:
> Jun,
>
> I think that the "Forbidden" results from the fact that the user names mapped by the 
> ldap store and the user names in Slide's node permissions do not match. If you have 
> set node permissions with roles then maybe the added user names per role do not match 
> the mapped user names from the ldap store.
>
>> 1. Is it required that I have to store "/roles" node to ldap, too if I store 
>> "/users"
>> to ldap server? For now, I still store "/roles" in jdbc store. Is that a problem?
>
> No it's not required. But I would recommend using the ldap store for roles too, 
> because then you do not have to update role memberships twice (first in the ldap 
> directory and second in the Slide repository) in case of changes.
>
>> 2. If I don't put any subnodes under "/users" in the domain.xml, could I still
>> define those user members under "/roles"?
>
> Yes, because the user nodes are mapped into Slide's namespace by the ldap store. But 
> make sure that the user names which you use in the role membership definition match 
> the user names of the ldap store.
>
> I had some problems myself with the user names because in our environment the user 
> names were mapped into Slide with real names, not with the login names. Thus no 
> security checking worked with the node permissions I gave. You can switch off 
> security in slide.properties at first, if you want to see the results of your 
> configuration.
>
> Best regards
> Stefan
