Hi Ryan, Jeroen,
I too am looking at using LDAP for Slide Authentication.
I currently have two JNDIPrincipalStore stores set up that connect to my OpenLDAP Directory service; one that acts as a Users store and one that acts as a Roles store. I'm using Tomcat as my app server.
I've just started to look at using both Users and Roles to control access by specifying the rules in Domain.xml and will let you know how I get on.
In the meantime, I'd also be very grateful if someone can confirm whether it is possible to use the LDAP roles to control access with this setup?
Regards,
Greg
-----Original Message-----
From: Jeroen Reijn [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2005 14:38
To: Slide Users Mailing List
Subject: Re: ACL Roles versus Groups concerning LDAP
Hi Ryan,
I'm looking at slide authentication with LDAP as well.
Looking at the javadoc you cannot directly authenticate with Slide, but you will need something like Tomcat or Jetty in front.
See for more information:
Greetz,
Jeroen
Ryan Yanchuleff wrote:
> Hey all,
>
> I am trying to configure my SLIDE implementation to run against LDAP. I
> can't afford to configure all of my LDAP users directly in my domain.xml
> file. I was under the impression that I could have SLIDE recognize my
> LDAP roles. Is this a true statement?
>
> For instance:
>
> I have allowed the role "/roles/Administrator" to have "all" access in
> my domain.xml
>
> <permission action="" subject="/roles/Administrator" inheritable="true"/>
>
> I have a user in LDAP, myUser, who is a
> memberOf=CN=Administrator,OU=Pie,OU=Groups,OU=Special Users and Groups,OU=ABC,DC=devl,DC=org
>
> But when I attempt to log in, I get a 403 Forbidden message. It appears
> SLIDE is not recognizing that my user has the Administrator role. And
> this is where I think my fundamental misunderstanding of the difference
> between roles and groups might be an issue.
>
> Can anyone help clear up this confusion and perhaps recommend a solution
> for my dilemma?
>
> Thanks!
>
> -Ryan
>
> I have my domain.xml connecting to my LDAP server via:
>
> <store name="users">
>   <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
>     <parameter name="jndi.container">ou=ABC,dc=devl,dc=org</parameter>
>     <parameter name="jndi.attributes.rdn">cn</parameter>
>     <parameter name="jndi.search.filter">(objectClass=user)</parameter>
>     <parameter name="jndi.search.scope">SUBTREE_SCOPE</parameter>
>     <parameter name="jndi.search.attributes">cn</parameter>
>     <parameter name="java.naming.provider.url">ldap://my.ldap.org:389</parameter>
>     <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
>     <parameter name="java.naming.security.principal">eAdmin</parameter>
>     <parameter name="java.naming.security.authentication">simple</parameter>
>     <parameter name="java.naming.security.credentials">p1</parameter>
>   </nodestore>
>   <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
>     <parameter name="rootpath">store/sequence</parameter>
>   </sequencestore>
>   <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
>     <parameter name="rootpath">users/store/metadata</parameter>
>     <parameter name="workpath">users/work/metadata</parameter>
>     <parameter name="defer-saving">true</parameter>
>     <parameter name="timeout">120</parameter>
>   </securitystore>
>   <lockstore>
>     <reference store="securitystore"/>
>   </lockstore>
>   <revisiondescriptorsstore>
>     <reference store="nodestore"/>
>   </revisiondescriptorsstore>
>   <revisiondescriptorstore>
>     <reference store="nodestore"/>
>   </revisiondescriptorstore>
>   <contentstore>
>     <reference store="nodestore"/>
>   </contentstore>
> </store>
>
> <store name="roles">
>   <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
>     <parameter name="jndi.container">ou=ABC,dc=devl,dc=org</parameter>
>     <parameter name="jndi.attributes.rdn">cn</parameter>
>     <parameter name="jndi.attribute.groupmemberset">member</parameter>
>     <parameter name="jndi.search.filter">(objectClass=group)</parameter>
>     <parameter name="jndi.search.scope">SUBTREE_SCOPE</parameter>
>     <parameter name="jndi.search.attributes">cn</parameter>
>     <parameter name="java.naming.provider.url">ldap://my.ldap.org:389</parameter>
>     <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
>     <parameter name="java.naming.security.principal">eAdmin</parameter>
>     <parameter name="java.naming.security.authentication">simple</parameter>
>     <parameter name="java.naming.security.credentials">p1</parameter>
>   </nodestore>
>   <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
>     <parameter name="rootpath">store/sequence</parameter>
>   </sequencestore>
>   <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
>     <parameter name="rootpath">roles/store/metadata</parameter>
>     <parameter name="workpath">roles/work/metadata</parameter>
>     <parameter name="defer-saving">true</parameter>
>     <parameter name="timeout">120</parameter>
>   </securitystore>
>   <lockstore>
>     <reference store="securitystore"/>
>   </lockstore>
>   <revisiondescriptorsstore>
>     <reference store="nodestore"/>
>   </revisiondescriptorsstore>
>   <revisiondescriptorstore>
>     <reference store="nodestore"/>
>   </revisiondescriptorstore>
>   <contentstore>
>     <reference store="nodestore"/>
>   </contentstore>
> </store>
>
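Added example, not code from the Slide project or from anyone in this thread: a small offline Python model of how the "roles" store in the quoted domain.xml is assumed to map LDAP group entries to /roles/... subjects, so a 403 like Ryan's can be checked against the configured container, scope and member attribute before touching the live directory. The mapping rules are assumptions read off the parameter names (jndi.container, jndi.search.filter, jndi.search.scope, jndi.attributes.rdn, jndi.attribute.groupmemberset), and all directory entries are constructed sample data mirroring the thread.

```python
# Assumed model of the JNDIPrincipalStore "roles" store: search jndi.container
# with (objectClass=group) at jndi.search.scope, name each hit
# /roles/<cn> (jndi.attributes.rdn) and treat the DNs in its member attribute
# (jndi.attribute.groupmemberset) as the role's members. Constructed data.

DIRECTORY = {
    "cn=myUser,ou=People,ou=ABC,dc=devl,dc=org": {
        "objectClass": ["user"], "cn": ["myUser"],
    },
    "CN=Administrator,OU=Pie,OU=Groups,OU=Special Users and Groups,OU=ABC,DC=devl,DC=org": {
        "objectClass": ["group"], "cn": ["Administrator"],
        "member": ["CN=myUser,OU=People,OU=ABC,DC=devl,DC=org"],
    },
    # Outside jndi.container: the roles store must never see this group.
    "cn=Guests,ou=Outside,dc=devl,dc=org": {
        "objectClass": ["group"], "cn": ["Guests"],
        "member": ["CN=myUser,OU=People,OU=ABC,DC=devl,DC=org"],
    },
}

def norm_dn(dn):
    """Compare DNs case- and whitespace-insensitively (sample DNs have no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, container, scope):
    """SUBTREE_SCOPE: anywhere below container; ONELEVEL_SCOPE: direct children only."""
    d, c = norm_dn(dn), norm_dn(container)
    if len(d) <= len(c) or d[-len(c):] != c:
        return False
    return scope == "SUBTREE_SCOPE" or len(d) == len(c) + 1

def search(container, scope, object_class):
    """Model of the store's search: (objectClass=X) under jndi.container."""
    return [a for dn, a in DIRECTORY.items()
            if in_scope(dn, container, scope) and object_class in a["objectClass"]]

def roles_for(user_dn, container="ou=ABC,dc=devl,dc=org", scope="SUBTREE_SCOPE"):
    """Roles = /roles/<cn> of every in-scope group whose member attribute lists user_dn."""
    want = norm_dn(user_dn)
    return sorted("/roles/" + g["cn"][0] for g in search(container, scope, "group")
                  if any(norm_dn(m) == want for m in g.get("member", [])))

def permitted(user_dn, permission_subject):
    """A <permission subject="/roles/X"> entry applies when X is one of the user's roles."""
    return permission_subject in roles_for(user_dn)
```

Switching the scope argument to ONELEVEL_SCOPE makes the group under OU=Pie vanish from the result, which is the kind of container/scope mismatch worth ruling out first when a user unexpectedly gets 403.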
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
