By using the sample LDAP/RollerDB hybrid config in the security.xml file supplied with Roller 4.0, I have users being authenticated by LDAP while their authorisation remains under the control of the database (users and roles). So far so good.

I work in a university and would like to restrict access to Roller to staff only. We have a 'staff' group in our LDAP, so I'm looking at how I could use group membership to do this. To test this out I've created a 'register' group with myself as a uniqueMember. I've changed the LdapAuthenticationProvider bean to use a DefaultLdapAuthoritiesPopulator instead of the AuthoritiesPopulator (id=jdbcAuthoritiesPopulator) as in the supplied security.xml. I now get 403 errors when I try to log in. How do I trace what Roller is sending to LDAP?

Am I barking up the wrong tree entirely with this approach? Have I crippled Roller's ability to get user/role info from the database by not using the AuthoritiesPopulator bean? Can anyone suggest a way of configuring Roller to use LDAP group membership for broad-brush access control, while which users can contribute to which blog is controlled by the database?

Thanks,
Steve