Thanks Dave. Yes, there is a groupSearchFilter property in Acegi that defaults to member - I've set it to "(uniqueMember={0})" in DefaultLdapAuthoritiesPopulator in security.xml.

The LDAP search is now finding me as a uniqueMember of the groups but I'm still getting 403 errors.

In the userrole table in the database I have a single entry with a rollname of 'editor' & have therefore assumed that I needed to be in an LDAP group of cn=editor, ou=groups, dc.... etc. I also set ou to be 'editor' and have tried using either cn or ou as groupRoleAttribute - I get 403 regardless. I've tried with and without being a member of a 'register' group & again this makes no difference.

How can I turn on logging to see what Roller is doing? What exactly does Roller need to get from the LDAP search to grant access?

Steve

Dave wrote:
> On Fri, Apr 18, 2008 at 10:53 AM, Steve McCain <[EMAIL PROTECTED]> wrote:
> > I've spotted from the ldap access log that the group membership search is
> > actually using 'member' rather than 'uniqueMember' as the group attribute.
> > How do I change this?
>
> Hmm... I don't see any reference to "member" in the Roller source
> code. Perhaps this is something that is being done under the covers by
> the Acegi security system? You might have to hit the Acegi docs to
> figure this one out. Hopefully, it's something that is pluggable.
>
> - Dave