Hello,
I'm trying to use LDAP for authentification and
authorization but it doesn't work. So I need you help...
thanks for advance!
My realm (in server.xml) seems to work because I can see in
my logs that Slide uses the "propfind" method (I
use the client commandline client for my tests). Slide
wouldn't do it if the authentification have failed.
Unfortunately I get "forbidden" for the
authorization.
Could you explain me what are the main things to do in order
to get the values of "group-member-set" in LDAP
?
Until now I have tried to change the domain.xml. I have done
a scope for /roles and a new store for the roles. Is there
anything else to do? In another file for example or lower in
the file domain.xml...
Here is a few little questions:
Do I have to use a LDAP store for my users too or the realm
is enough?
Do I have to create a resource for LDAP in server.xml ?
Do I have to create a root user in Ldap, I mean : would it
work if I don't do it ?
What is the element that concerns the group-member-set ?
(nodestore? securitystore?)
If I want to use LDAP to store the metadata from a file, do
I have to create manually each attribute in LDAP? Or maybe
the LDAP store is only used as a read-only
"database" ?
Is it possible that Slide runs without any files in /users
and /roles ? For example if I have a group called
"mygroup" in LDAP, do I need
necessary a file mygroup.def.xml inside /roles ? It not, is
it possible to use a role-link (web.xml) to be able to
create a group called mygroup in LDAP corresponding to a
role called "myrole" in Slide ? My groups in
LDAP have a special char ":" so slide can't
create
the roles' files. The role-link works for authentification
but that's maybe a reason of my problems...
Last question: how can I log the JNDI authorization process?
I have the logs for authentification (realm) but I don't
know how to get the
same kinds of logs for the authorization... it could help.
Have a nice day and good work!
Yizashi
Student
|