Hi,
I have problems getting my JNDIPrincipalStores working. I am
searching
the slide-user mailing list and google for days now. It's
really hard to
find a complete slide documentation (for users). If I am
wrong and you
know a good place with good documentation stuff, please give
me a hint!
We have a LDAP server with about 900 users and some roles.
My aim is to
run a slide server with access control with above mentioned
sets of
users and roles. I choosed the "Slide bundled with
Tomcat 5.0.28"
package and got it running fine in default configuration.
Now, I want to add the required LDAP support. Authentication
is made by
Tomcat, so I configured a JNDIRealm in the /slide context in
the
server.xml (http
://www-linux.gsi.de/~dklein/slide/server.xml). This
works, here my JNDIRealm log
(h
ttp://www-linux.gsi.de/~dklein/slide/jndirealm_log).
Next, I configured the JNDIPrincipalStores
(http
://www-linux.gsi.de/~dklein/slide/Domain.xml) and a
minimum acl
(with the help of this mailing list). I uncommented
something security
related in my web.xml file
(http://
www-linux.gsi.de/~dklein/slide/web.xml). I do not
understand the
relation between the security roles in the web.xml file and
the roles
from LDAP!?
When I browse on http://localhost:8080/sli
de and logon with above
successfully authenticated credentials I get a 403
("Access to the
requested resource has been denied") error.
Here are my debug log files:
- catalina.out (ht
tp://www-linux.gsi.de/~dklein/slide/catalina.out)
- localhost_log.2006-08-09.txt
(http://www-linux.gsi.de/~dklein/slide/localhos
t_log.2006-08-09.txt)
- localhost_slide_access_log.2006-08-09.txt
(http://www-linux.gsi.de/~dklein/s
lide/localhost_slide_access_log.2006-08-09.txt)
Do you have any ideas? If I should do some work in reading
more docs,
because my problem is standard, please provide some
resources.
However, my questions are:
How can I get this stuff working?
How is the relationship between my two JNDIPrincipalStores
being
configured? Is it done by registering them with the
<userspath> and
<rolespath> elements?
Is it possible to add a third store (additionally to the
JNDIPrincipalStore for roles), let me call it group-store,
in that way,
that users can group some users "locally" (which
means, that these
groups are only visible to the slide and do not require
changes in ldap
server)?
thx in advance,
all the best,
Dennis Klein
<d.klein gsi.de>
p.s.: Sorry for my bad english. I don't speak english
natively.
------------------------------------------------------------
---------
To unsubscribe, e-mail: slide-user-unsubscribejakarta.apache.org
For additional commands, e-mail: slide-user-helpjakarta.apache.org
|