Stefan,
If I have created the root role node in my LDAP server, and I want to add two users
[EMAIL PROTECTED] and [EMAIL PROTECTED] to this role, then what's the value for the
"member" attribute of the root node in LDAP server? Just "[EMAIL PROTECTED];[EMAIL
PROTECTED]"? Thanks.
regards,
Jun
Stefan Fromm <[EMAIL PROTECTED]> wrote:
Hello Jun,
If you fetch roles from the LDAP server too, then the users have the roles defined in
the LDAP server. That means you do not assign any roles to users via Slide because
this information should be contained in the LDAP directory. JNDIPrincipalStore is
read-only anyway, so you cannot change anything via Slide/WebDAV. If you want to assign
a role to a user you have to create that role in the LDAP directory and assign the
appropriate users as members.
The roles store definition in Domain.xml looks very similar to the users store
definition. For roles you use an additional store parameter like e.g.
member
This means that the membership of users in roles is read from the given LDAP attribute
"member". It can contain several paths to user nodes. In our environment users and
roles are stored under the same LDAP node. The distinction is made by the object class:
(objectClass=user) (for users)
(objectClass=group) (for roles)
In my last mail there was an example Domain.xml about how to configure users and roles
for LDAP. I would recommend changing the store definitions as needed. Please make
sure that no users and roles are contained in the data section (subnodes of /users
and /roles). The last step is to change all node permissions according to your available
users and roles from the LDAP directory. So your "root" role will be any admin role
coming from the LDAP directory.
Hope this helps,
best regards,
Stefan
On Thu, 21 Oct 2004 19:42:23 -0700 (PDT), Gao Jun wrote:
> Stefan,
>
> I'm now trying to set up the roles store in LDAP server as well, but I don't know
> how to do that. For example, if I have a user defined in LDAP server: [EMAIL PROTECTED]
> I want to assign the root role to this user, then what should I do in LDAP server?
> And is there any attribute I need to modify in the Domain.xml? Thanks.
>
> regards,
>
> Jun
>
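
Added example, not part of the original thread and not Slide's own code: in LDAP, "member" is a multi-valued attribute, so each user DN is stored as its own value rather than joined into one string. The sketch below parses a constructed LDIF export (the DNs, the sample entries and the helper names are assumptions) and flags a role whose member value looks like several DNs packed together with ';'.

```python
# Constructed sample data: placeholder DNs, not values from the thread.
SAMPLE_LDIF = """\
dn: cn=root,ou=people,dc=example,dc=com
objectClass: group
member: cn=alice,ou=people,dc=example,dc=com
member: cn=bob,ou=people,dc=example,dc=com

dn: cn=editors,ou=people,dc=example,dc=com
objectClass: group
member: cn=alice,ou=people,dc=example,dc=com;cn=bob,ou=people,dc=example,dc=com

dn: cn=alice,ou=people,dc=example,dc=com
objectClass: user
"""


def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into entries.

    Each entry maps a lowercased attribute name to the list of its values.
    """
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def role_members(entries, role_class="group", member_attr="member"):
    """Return ({role DN: [member values]}, [warnings]) for role entries."""
    roles, warnings = {}, []
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if role_class not in classes:
            continue  # users share the same subtree; only the class differs
        dn = entry["dn"][0]
        roles[dn] = entry.get(member_attr, [])
        for value in roles[dn]:
            if ";" in value:  # heuristic: several DNs packed into one value
                warnings.append(f"{dn}: suspicious member value {value!r}")
    return roles, warnings


if __name__ == "__main__":
    roles, warnings = role_members(parse_ldif(SAMPLE_LDIF))
    for dn, members in roles.items():
        print(dn, "->", len(members), "member value(s)")
    print("\n".join(warnings))
```

Running a check like this against a directory export before rewriting node permissions shows which roles will actually resolve to the intended users.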