Hello Jun,

If you fetch roles from the LDAP server too, then the users have the roles defined in 
the LDAP server. That means you do not assign any roles to users via Slide because 
this information should be contained in the LDAP directory. JNDIPrincipalStore is 
read-only anyway, so you cannot change anything via Slide/WebDAV. If you want to assign 
a role to a user, you have to create that role in the LDAP directory and assign the 
appropriate users as members.

The roles store definition in Domain.xml looks very similar to the users store 
definition. For roles you use an additional store parameter, e.g.

    <parameter name="jndi.attributes.groupmemberset">member</parameter>

This means that the membership of users in roles is read from the given LDAP attribute 
"member". It can contain several paths to user nodes. In our environment users and 
roles are stored under the same LDAP node. The distinction is made by the object class:

    <parameter name="jndi.search.filter">(objectClass=user)</parameter> (for users)
    <parameter name="jndi.search.filter">(objectClass=group)</parameter> (for roles)

In my last mail there was an example Domain.xml showing how to configure users and roles for LDAP. 
I would recommend changing the store definitions as needed. Please make sure that no users and 
roles are contained in the data section (subnodes of /users and /roles). The last step is to change 
all node permissions according to your available users and roles from the LDAP directory. So 
your "root" role will be any admin role coming from the LDAP directory.

Hope this helps,
best regards,

Stefan

On Thu, 21 Oct 2004 19:42:23 -0700 (PDT), Gao Jun <[EMAIL PROTECTED]> wrote:

Stefan,

I'm now trying to set up the roles store in the LDAP server as well, but I don't know how 
to do that. For example, if I have a user defined in the LDAP server: [EMAIL PROTECTED]
I want to assign the root role to this user, then what should I do in the LDAP server?
And is there any attribute I need to modify in the Domain.xml? Thanks.

regards,

Jun
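
Added example, not part of the original mails and not Slide's own code: a small Python model of the lookup described in the reply above, where users and roles share one LDAP node, are separated by objectClass, and role membership is read from the "member" attribute. All DNs and entries are constructed sample data; the DN normalisation is simplified and nested groups are not followed.

```python
# Model of the role lookup described in the thread (illustration only).
BASE = "OU=People,DC=example,DC=com"      # constructed sample node
USER_CLASS = "user"                       # from (objectClass=user)
ROLE_CLASS = "group"                      # from (objectClass=group)
MEMBER_ATTR = "member"                    # jndi.attributes.groupmemberset

# Constructed directory entries: users and roles under the same node.
ENTRIES = [
    {"dn": f"CN=jun,{BASE}", "objectClass": ["top", "user"]},
    {"dn": f"CN=stefan,{BASE}", "objectClass": ["top", "user"]},
    {"dn": f"CN=admins,{BASE}", "objectClass": ["top", "group"],
     "member": ["cn=Jun, ou=People, dc=example, dc=com",   # same DN, other spelling
                f"CN=ghost,{BASE}"]},                      # no such user entry
    {"dn": f"CN=readers,{BASE}", "objectClass": ["top", "group"],
     "member": [f"CN=stefan,{BASE}", f"CN=jun,{BASE}"]},
]

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no padding around ',' or '='.
    Does not handle escaped commas inside attribute values."""
    return ",".join("=".join(part.strip().lower() for part in rdn.split("=", 1))
                    for rdn in dn.split(","))

def has_class(entry, cls):
    return cls.lower() in (c.lower() for c in entry.get("objectClass", []))

def resolve_roles(entries):
    """Return (roles per user DN key, dangling members per role DN)."""
    users = {norm_dn(e["dn"]) for e in entries if has_class(e, USER_CLASS)}
    roles_of = {u: set() for u in users}
    dangling = {}
    for e in entries:
        if not has_class(e, ROLE_CLASS):
            continue
        for member in e.get(MEMBER_ATTR, []):
            key = norm_dn(member)
            if key in users:
                roles_of[key].add(e["dn"])
            else:
                # Member path that matches no user entry: worth reviewing
                # before node permissions are granted to this role.
                dangling.setdefault(e["dn"], []).append(member)
    return roles_of, dangling

if __name__ == "__main__":
    roles, dangling = resolve_roles(ENTRIES)
    for user, held in sorted(roles.items()):
        print(user, "->", sorted(held))
    print("dangling members:", dangling)
```

Running it against an export of the real directory before changing node permissions shows which users will end up holding the role that replaces "root".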

