Hi. I want to use a hierarchy of groups in the user/group configuration in combination with the LDAP login module and the group/role mapping. But a group within a group is not working right now.
I have an LDAP user "test2" with the group "test2group". The group "test2group" is part of the group "esb". In the karaf configuration the group "esb" is mapped to the role "admin". When I log in with the user "test1", the user is not able to invoke the admin restricted commands. Any idea how to get this working?

I tried to reproduce this as small as possible with the file based user configuration. I'm not sure it is 100% representative. My user.properties looks like this:

User.properties:

    karaf = karaf,_g_:admingroup
    _g_\:admingroup = group,admin,manager,viewer,systembundles
    _g_\:test2group = group,_g_:admingroup
    test1 = test1,viewer
    test2=test2,_g_:test2group
    test3=test3

When I log in with an admin role account I can see the group/role is interpreted as I want.

    karaf@trun()> realm-manage --realm karaf
    karaf@trun()> jaas:user-list
    User Name | Group      | Role
    --------------------------------------
    karaf     | admingroup | admin
    karaf     | admingroup | manager
    karaf     | admingroup | viewer
    karaf     | admingroup | systembundles
    test1     |            | viewer
    test2     | test2group | admin
    test2     | test2group | manager
    test2     | test2group | viewer
    test2     | test2group | systembundles
    test3     |            |

But if I try to invoke a command with only admin role privileges it is not working. For example:

    Command not found: feature:install

What do you think? Something misconfigured? Is group in group not supported? Is it a bug?

With best regards
Christian

--
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-4-0-3-ACL-group-in-group-not-working-tp4047197.html
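As an added illustration (not part of the message above and not Karaf's own code), this Python script parses the user.properties from the post and computes each user's roles two ways: expanding only the groups named directly on the user line, and following nested group references transitively. Which strategy Karaf applies at login is not stated on the page; the function names are hypothetical.

```python
# Added illustration; not Karaf source code. Input copied from the post.
USERS_PROPERTIES = r"""
karaf = karaf,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles
_g_\:test2group = group,_g_:admingroup
test1 = test1,viewer
test2=test2,_g_:test2group
test3=test3
"""

GROUP_PREFIX = "_g_:"

def parse(text):
    """Map each key to the entries after its first field (password or 'group')."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key = key.strip().replace("\\:", ":")  # undo the properties-file escape
        fields = [f.strip() for f in value.split(",")]
        table[key] = [f for f in fields[1:] if f]
    return table

def roles_one_level(table, user):
    """Expand only the groups written directly on the user's own line."""
    roles = set()
    for entry in table.get(user, []):
        if entry.startswith(GROUP_PREFIX):
            # A nested "_g_:..." entry is copied as an opaque string, not expanded.
            roles.update(table.get(entry, []))
        else:
            roles.add(entry)
    return roles

def roles_transitive(table, user):
    """Follow group references until only roles remain; 'seen' guards cycles."""
    roles, seen, stack = set(), set(), list(table.get(user, []))
    while stack:
        entry = stack.pop()
        if not entry.startswith(GROUP_PREFIX):
            roles.add(entry)
        elif entry not in seen:
            seen.add(entry)
            stack.extend(table.get(entry, []))
    return roles

if __name__ == "__main__":
    t = parse(USERS_PROPERTIES)
    for u in ("karaf", "test1", "test2", "test3"):
        print(u, sorted(roles_one_level(t, u)), sorted(roles_transitive(t, u)))
```

With one-level expansion "test2" ends up holding the literal string "_g_:admingroup" instead of "admin", while transitive expansion reproduces the roles shown in the jaas:user-list output.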
