All,
I have come across a problem whereby once I have given permissions for users in a Role to access Slide, once I remove the permission the users in that Role can still access Slide.
In my environment I have:
- Slide 2.1
- Apache Tomcat 5.5.9
- OpenLDAP
I am using two JNDIPrincipalStores to connect to my LDAP directory for authentication; one store to hold users and the other to hold Roles.
I am defining access to Slide at the root objectnode, for example my Domain.xml file contains:
******************************
<data>
  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
    <!--
      GP: 12/09/2005
      Allow only 'slideadministrators' to access Slide
      These will not be inherited to any sub-store - so separate permissions will need to be defined for sub paths.
    -->
    <permission action="" subject="/roles/slideadministrators" inheritable="false"/>
    <permission action="" subject="all" inheritable="false" negative="true"/>
    <permission action="" subject="all" inheritable="false" negative="true"/>
    <permission action="" subject="all" inheritable="false" negative="true"/>
    <permission action="" subject="all" inheritable="false"/>
    <permission action="" subject="all" inheritable="false"/>
    <!-- GP: Users access rights -->
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
      <!-- <permission action="" subject="all" inheritable="true"/> -->
      <permission action="" subject="self" inheritable="true"/>
      <permission action="" subject="unauthenticated" inheritable="true" negative="true"/>
    </objectnode>
    <!-- GP: Roles access rights -->
    <!-- /roles -->
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles">
      <!-- <permission action="" subject="all" inheritable="true"/> -->
      <permission action="" subject="self" inheritable="true"/>
      <permission action="" subject="unauthenticated" inheritable="true" negative="true"/>
    </objectnode>
******************************
I originally granted access to "/roles/slideusers" rather than "/roles/slideadministrators". However, users within my 'slideusers' Roles group can now still connect.
I have taken the following actions:
- Rebooted Tomcat: no effect
- Cleared the security buffers (by commenting all <permissions> in the .def.xml file and associated files): no effect
- Renamed the 'slideusers' Role to 'slide_users': access then denied to members of 'slide_users'
- Renamed 'slide_users' back to 'slideusers': access granted to members of 'slide_users'
Has anyone else experienced this? Or please could someone tell me where I'm going wrong?
Many thanks in advance,
Greg
