Stefan,

I'm now trying to set up the roles store in the LDAP server as well, but I don't know how to do that. For example, if I have a user defined in the LDAP server, [EMAIL PROTECTED], and I want to assign the root role to this user, then what should I do in the LDAP server? And is there any attribute I need to modify in the Domain.xml?

Thanks.

regards,
Jun

Stefan Fromm <[EMAIL PROTECTED]> wrote:

Hi Jun,

I've set up a configuration similar to yours. The user data comes from a JNDIPrincipalStore. For the role data I didn't configure a special store, but used the default store "tx" for it. Further, I switched off authentication in the web.xml inside slide.war.

The problem is that the role data is not correctly mapped into Slide even when it exists. I checked that with the file-based stores for "tx": the metadata is available on the hard disk and looks OK (at first glance). The role data is also not mapped into Slide when "tx" uses JDBCStore for storing data (same problem). To make it work I had to use the JNDIPrincipalStore for roles too. See the attached Domain.xml.

Your principal name must be OK. Otherwise you would see an error in the log. I checked that too.

I don't know how the LDAP directory is maintained in our environment. It's an MS Active Directory. I think several tools are used for maintaining users and roles. But this is not the only thing which is contained there. So I guess specific tools are used for each task. Under the link http://www-unix.mcs.anl.gov/~gawor/ldap/ you can find a generic LDAP browser/editor. For testing purposes it should be enough. But I don't know how far it gives support when managing complex interrelations.

As a question to the Slide community: Why isn't it possible to separate user and role data into different stores? I had already experienced this problem with the file-based stores (earlier with Slide 2.0, if I remember correctly).

Regards
Stefan

com.mysql.jdbc.Driver jdbc:mysql://localhost:3306/jettyslide root org.apache.slide.store.impl.rdbms.MySqlRDBMSAdapter true 10 store/sequence store/content work/content true 120 120 CN=Users,DC=...,DC=...,DC=de CN (objectClass=user) ONELEVEL_SCOPE mail,fullName,telephoneNumber ldap://... com.sun.jndi.ldap.LdapCtxFactory ... simple ...
store/sequence 120 CN=Users,DC=...,DC=...,DC=de CN member (objectClass=group) ONELEVEL_SCOPE cn ldap://... com.sun.jndi.ldap.LdapCtxFactory ... simple ... store/sequence /actions/read /actions/write /actions/write /actions/write-acl /actions/write-acl /actions/read-acl /actions/read-current-user-privilege-set /actions/write /actions/unlock /actions/read /actions/read /actions/write-properties /actions/write-properties /actions/write-properties /actions/read /actions/write-content /actions/write-content /actions/write-content /actions/bind /actions/unbind /users /roles /actions /files true true path 0 full true enters at login to lowercase. This is useful for users who can't be bothered with turning off their capslock key before logging in. --> false any user "all" authenticated user "authenticated" unauthenticated user "unauthenticated" self "self" owner of resource "owner" a user "/users/john" a role "/roles/admin" --> /actions/read-acl /actions/read-current-user-privilege-set]]> /actions/write-acl /actions/write-properties /actions/write-content]]> /actions/bind /actions/unbind]]>
