Jun,

sorry for the late answer.

The value is the absolute path of the user entry. E.g.:

  [EMAIL PROTECTED],CN=Users,DC=...,DC=...,DC=de

I don't know your LDAP configuration. But you can read this value from the LDAP 
browser.

Regards
Stefan





On Sun, 24 Oct 2004 06:25:42 -0700 (PDT), Gao Jun <[EMAIL PROTECTED]> wrote:

Stefan,

If I have created the root role node in my LDAP server, and I want to add two users
[EMAIL PROTECTED] and [EMAIL PROTECTED] to this role, then what's the value for the "member"
attribute of the root node in LDAP server? Just "[EMAIL PROTECTED];[EMAIL PROTECTED]"? Thanks.

regards,

Jun

Stefan Fromm <[EMAIL PROTECTED]> wrote:
Hello Jun,

if you fetch roles from the LDAP server too then the users have the roles defined in 
the LDAP server. That means you do not assign any roles to users via Slide because 
this information should be contained in the LDAP directory. JNDIPrincipalStore is 
readonly anyway, so you cannot change anything via Slide/WebDAV. If you want to assign 
a role to a user you have to create that role in the LDAP directory and assign the 
appropriate users as members.

The roles store definition in Domain.xml looks very similar to the users store 
definition. For roles you use an additional store parameter like e.g.


member


This means that the membership of users in roles is read from the given LDAP attribute "member". It can contain several paths to user nodes. In our environment users and roles are stored under the same LDAP node. The distinction is made by the object class:


(objectClass=user) (for users)

(objectClass=group) (for roles)

In my last mail there was an example Domain.xml about how to configure users and roles for LDAP. 
I would recommend to change the store definitions as needed. Please make sure, that no users and 
roles are contained in the data section (subnodes of /users and /roles). Last step is to change 
all node permissions according to your available users and roles from the LDAP directory. So 
your "root" role will be any admin role coming from the LDAP directory.

Hope this helps,
best regards,

Stefan

On Thu, 21 Oct 2004 19:42:23 -0700 (PDT), Gao Jun wrote:

Stefan,

I'm now trying to set up the roles store in LDAP server as well, but I don't know how
to do that. For example, if I have a user defined in LDAP server: [EMAIL PROTECTED]
I want to assign the root role to this user, then what should I do in LDAP server?
And is there any attribute I need to modify in the Domain.xml? Thanks.

regards,

Jun
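
The membership lookup described in this thread (users and roles under one LDAP node, told apart by objectClass, with a multi-valued "member" attribute holding full user DNs), as an added example that is not part of the original mails or of Slide's code. All entries and DNs are constructed placeholders, the function names are hypothetical, and the DN comparison is a simplification.

```python
import re

# Constructed sample entries (not from the thread); every DN is a placeholder.
ENTRIES = [
    {"dn": "CN=alice,CN=Users,DC=example,DC=de", "objectClass": ["top", "user"]},
    {"dn": "CN=bob,CN=Users,DC=example,DC=de", "objectClass": ["top", "user"]},
    {"dn": "CN=root,CN=Users,DC=example,DC=de", "objectClass": ["top", "group"],
     # Multi-valued attribute: one full user DN per value.
     "member": ["cn=Alice, cn=Users, dc=example, dc=de",
                "CN=bob,CN=Users,DC=example,DC=de",
                "CN=ghost,CN=Users,DC=example,DC=de"]},  # dangling reference
    {"dn": "CN=editors,CN=Users,DC=example,DC=de", "objectClass": ["group"],
     "member": ["alice;bob"]},  # the ";"-joined form asked about: not a DN
]

def normalize_dn(dn):
    """Simplified comparison key: trim spaces around RDNs and '=', lowercase.
    Returns None when a component is not of the form attr=value."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        attr, sep, value = rdn.partition("=")
        if not sep:
            return None
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def has_class(entry, name):
    return name.lower() in (c.lower() for c in entry.get("objectClass", []))

def resolve_roles(entries, member_attr="member"):
    """Map each user DN to the role DNs that list it; collect unresolvable values."""
    users = {normalize_dn(e["dn"]): e["dn"] for e in entries if has_class(e, "user")}
    roles = {dn: [] for dn in users.values()}
    problems = []
    for e in entries:
        if not has_class(e, "group"):
            continue
        for value in e.get(member_attr, []):
            key = normalize_dn(value)
            if key in users:
                roles[users[key]].append(e["dn"])
            else:
                problems.append((e["dn"], value))  # grants nothing; worth auditing
    return roles, problems

if __name__ == "__main__":
    roles, problems = resolve_roles(ENTRIES)
    print(roles)
    print(problems)
```

Values that land in `problems` never resolve to a user, so a role whose members all end up there is effectively empty when node permissions are checked against it.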


--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]







