Hey all,
I am trying to configure my SLIDE implementation to run against LDAP. I
can't afford to configure all of my LDAP users directly in my domain.xml
file. I was under the impression that I could have SLIDE recognize my
LDAP roles. Is this a true statement?
For instance:
I have allowed the role "/roles/Administrator" to have "all" access in
my domain.xml
<!-- ACL entry: grants every action ("all") to the subject node /roles/Administrator.
     NOTE(review): presumably this only applies to a login that Slide resolves as a
     member of that exact node; confirm the LDAP group is exposed at this path. -->
<permission action="all" subject="/roles/Administrator"
inheritable="true"/>
I have a user in LDAP, myUser, whose memberOf attribute is
CN=Administrator,OU=Pie,OU=Groups,OU=Special Users and
Groups,OU=ABC,DC=devl,DC=org
But when I attempt to log in, I get a 403 Forbidden message. It appears
SLIDE is not recognizing that my user has the Administrator role. And
this is where I think my fundamental misunderstanding of the difference
between roles and groups might be an issue.
Can anyone help clear up this confusion and perhaps recommend a solution
for my dilemma?
Thanks!
-Ryan
I have my domain.xml connecting to my LDAP server via:
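<!--
  "users" store: node data (the principals) is read from LDAP through
  JNDIPrincipalStore; sequence and security data live in local file stores,
  and the remaining child stores are references to those.
-->
<store name="users">
  <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
    <!-- Search base, RDN attribute, filter and scope used to locate user entries. -->
    <parameter name="jndi.container">ou=ABC,dc=devl,dc=org</parameter>
    <parameter name="jndi.attributes.rdn">cn</parameter>
    <parameter name="jndi.search.filter">(objectClass=user)</parameter>
    <parameter name="jndi.search.scope">SUBTREE_SCOPE</parameter>
    <parameter name="jndi.search.attributes">cn</parameter>

    <!-- NOTE(review): an ldap:// URL on port 389 together with "simple"
         authentication (below) sends the bind name and password unencrypted
         unless the transport is protected some other way. Prefer a
         TLS-protected endpoint (ldaps://) if the directory offers one. -->
    <parameter name="java.naming.provider.url">ldap://my.ldap.org:389</parameter>
    <!-- End tag rejoined: it was wrapped mid-name ("</par" / "ameter>"),
         which is not well-formed XML. -->
    <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>

    <!-- Bind account used for the directory searches.
         NOTE(review): the password is stored in clear text in this file, so
         restrict read access to domain.xml and bind with a read-only,
         least-privilege account. -->
    <parameter name="java.naming.security.principal">eAdmin</parameter>
    <parameter name="java.naming.security.authentication">simple</parameter>
    <parameter name="java.naming.security.credentials">p1</parameter>
  </nodestore>

  <!-- File-backed sequence store. -->
  <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
    <parameter name="rootpath">store/sequence</parameter>
  </sequencestore>

  <!-- File-backed security (permission) descriptors for this store. -->
  <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
    <parameter name="rootpath">users/store/metadata</parameter>
    <parameter name="workpath">users/work/metadata</parameter>
    <parameter name="defer-saving">true</parameter>
    <parameter name="timeout">120</parameter>
  </securitystore>

  <!-- Locks share the security store; everything else is served by the LDAP node store. -->
  <lockstore>
    <reference store="securitystore"/>
  </lockstore>
  <revisiondescriptorsstore>
    <reference store="nodestore"/>
  </revisiondescriptorsstore>
  <revisiondescriptorstore>
    <reference store="nodestore"/>
  </revisiondescriptorstore>
  <contentstore>
    <reference store="nodestore"/>
  </contentstore>
</store>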
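<!--
  "roles" store: node data (the groups) is read from LDAP through
  JNDIPrincipalStore, using the "member" attribute of group entries as the
  membership set; sequence and security data live in local file stores.
-->
<store name="roles">
  <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
    <!-- Search base, RDN attribute, filter and scope used to locate group entries. -->
    <parameter name="jndi.container">ou=ABC,dc=devl,dc=org</parameter>
    <parameter name="jndi.attributes.rdn">cn</parameter>
    <!-- NOTE(review): the sibling key above is spelled "jndi.attributes.rdn"
         (plural "attributes") while this one uses the singular
         "jndi.attribute."; confirm the spelling against the
         JNDIPrincipalStore documentation. If the store does not recognise
         this key, group membership would presumably never be read. -->
    <parameter name="jndi.attribute.groupmemberset">member</parameter>
    <parameter name="jndi.search.filter">(objectClass=group)</parameter>
    <parameter name="jndi.search.scope">SUBTREE_SCOPE</parameter>
    <!-- NOTE(review): only "cn" is requested; confirm whether the membership
         attribute ("member") must also be listed here for it to be fetched. -->
    <parameter name="jndi.search.attributes">cn</parameter>

    <!-- NOTE(review): an ldap:// URL on port 389 together with "simple"
         authentication (below) sends the bind name and password unencrypted
         unless the transport is protected some other way. Prefer a
         TLS-protected endpoint (ldaps://) if the directory offers one. -->
    <parameter name="java.naming.provider.url">ldap://my.ldap.org:389</parameter>
    <!-- End tag rejoined: it was wrapped mid-name ("</par" / "ameter>"),
         which is not well-formed XML. -->
    <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>

    <!-- Bind account used for the directory searches.
         NOTE(review): the password is stored in clear text in this file, so
         restrict read access to domain.xml and bind with a read-only,
         least-privilege account. -->
    <parameter name="java.naming.security.principal">eAdmin</parameter>
    <parameter name="java.naming.security.authentication">simple</parameter>
    <parameter name="java.naming.security.credentials">p1</parameter>
  </nodestore>

  <!-- File-backed sequence store. -->
  <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
    <parameter name="rootpath">store/sequence</parameter>
  </sequencestore>

  <!-- File-backed security (permission) descriptors for this store. -->
  <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
    <parameter name="rootpath">roles/store/metadata</parameter>
    <parameter name="workpath">roles/work/metadata</parameter>
    <parameter name="defer-saving">true</parameter>
    <parameter name="timeout">120</parameter>
  </securitystore>

  <!-- Locks share the security store; everything else is served by the LDAP node store. -->
  <lockstore>
    <reference store="securitystore"/>
  </lockstore>
  <revisiondescriptorsstore>
    <reference store="nodestore"/>
  </revisiondescriptorsstore>
  <revisiondescriptorstore>
    <reference store="nodestore"/>
  </revisiondescriptorstore>
  <contentstore>
    <reference store="nodestore"/>
  </contentstore>
</store>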