Posted to slide-user@jakarta.apache.org by Kaushal Sharma <km...@yahoo.com> on 2005/11/16 19:07:22 UTC
Role - Users relationship
I am facing a problem with ACLs. I have done the following to implement them:
1. In LDAP, I defined groups and persons, then added the persons as members of the groups.
2. The groups defined in LDAP show up as roles in Slide / Webdav Explorer, and
the persons show up as users.
3. In Webdav Explorer I put the ACLs on resources (Files) based on resources.
4. Then, when I log on to Slide with a user ID that has a specific role, the
ACLs are not effective. It seems the relationship between roles and users
is not being established.
5. Please let me know whether I need to make further changes in domain.xml to
establish the relationship between roles and users. Please find the
domain.xml entries attached.
Thanks in advance
Kaushal
<!-- Store named "users": principal nodes are read from LDAP through JNDIPrincipalStore, while security and lock data go to local XML descriptor files under users/. -->
<store name="users">
<nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
<!-- Search base, naming attribute and filter: every objectClass=person entry at any depth below the container (SUBTREE_SCOPE), with cn as the requested attribute. -->
<parameter name="jndi.container">ou=HSP,dc=hsidev1,dc=org</parameter>
<parameter name="jndi.attributes.rdn">cn</parameter>
<parameter name="jndi.search.filter">(objectClass=person)</parameter>
<parameter name="jndi.search.scope">SUBTREE_SCOPE</parameter>
<parameter name="jndi.search.attributes">cn</parameter>
<!-- Standard JNDI environment properties for the LDAP connection. -->
<!-- NOTE(review): the URL is plain ldap:// and the bind is "simple", so the bind password is not protected on the wire unless TLS is layered on; acceptable only while the directory stays on localhost. -->
<parameter name="java.naming.provider.url">ldap://localhost:9158</parameter>
<parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
<!-- NOTE(review): cn=Directory Manager is normally the directory's administrative account. This store only searches for entries, so a dedicated read-only bind account would be the least-privilege choice. -->
<parameter name="java.naming.security.principal">cn=Directory Manager</parameter>
<parameter name="java.naming.security.authentication">simple</parameter>
<!-- The bind password is stored in clear text here: keep domain.xml readable only by the servlet container's account and out of version control and public posts. -->
<parameter name="java.naming.security.credentials">zzzzzz</parameter>
</nodestore>
<sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
<parameter name="rootpath">store/sequence</parameter>
</sequencestore>
<!-- Security descriptors for /users are kept in local files, not in LDAP. -->
<securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
<parameter name="rootpath">users/store/metadata</parameter>
<parameter name="workpath">users/work/metadata</parameter>
<parameter name="defer-saving">true</parameter>
<parameter name="timeout">120</parameter>
</securitystore>
<!-- Locks reuse the securitystore defined above. -->
<lockstore>
<reference store="securitystore"/>
</lockstore>
<!-- Revision descriptors and content all point back at the JNDI nodestore. -->
<revisiondescriptorsstore>
<reference store="nodestore"/>
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore"/>
</revisiondescriptorstore>
<contentstore>
<reference store="nodestore"/>
</contentstore>
</store>
<!-- Store named "roles": role nodes are read from LDAP group entries through JNDIPrincipalStore, while security and lock data go to local XML descriptor files under roles/. -->
<store name="roles">
<nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
<parameter name="jndi.container">ou=HSP,dc=hsidev1,dc=org</parameter>
<parameter name="jndi.attributes.rdn">cn</parameter>
<!-- NOTE(review): this parameter is spelled "jndi.attribute.groupmemberset" (singular), while the sibling parameter is "jndi.attributes.rdn" (plural). Confirm the exact name against the JNDIPrincipalStore documentation; if the name is not recognized, the uniquemember values would presumably never be read and roles would have no members. -->
<parameter name="jndi.attribute.groupmemberset">uniquemember</parameter>
<parameter name="jndi.search.filter">(objectClass=groupofuniquenames)</parameter>
<!-- ONELEVEL_SCOPE matches only entries directly beneath the container; groups nested deeper in the tree are not returned (the users store searches with SUBTREE_SCOPE). -->
<parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
<!-- NOTE(review): only cn is requested from the search; check whether the membership attribute (uniquemember) must be listed here as well for members to be resolved. -->
<parameter name="jndi.search.attributes">cn</parameter>
<!-- Standard JNDI environment properties for the LDAP connection. -->
<!-- NOTE(review): the URL is plain ldap:// and the bind is "simple", so the bind password is not protected on the wire unless TLS is layered on; acceptable only while the directory stays on localhost. -->
<parameter name="java.naming.provider.url">ldap://localhost:9158</parameter>
<parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
<!-- NOTE(review): cn=Directory Manager is normally the directory's administrative account. This store only searches for entries, so a dedicated read-only bind account would be the least-privilege choice. -->
<parameter name="java.naming.security.principal">cn=Directory Manager</parameter>
<parameter name="java.naming.security.authentication">simple</parameter>
<!-- The bind password is stored in clear text here: keep domain.xml readable only by the servlet container's account and out of version control and public posts. -->
<parameter name="java.naming.security.credentials">zzzzzz</parameter>
</nodestore>
<sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
<parameter name="rootpath">store/sequence</parameter>
</sequencestore>
<!-- Security descriptors for /roles are kept in local files, not in LDAP. -->
<securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
<parameter name="rootpath">roles/store/metadata</parameter>
<parameter name="workpath">roles/work/metadata</parameter>
<parameter name="defer-saving">true</parameter>
<parameter name="timeout">120</parameter>
</securitystore>
<!-- Locks reuse the securitystore defined above. -->
<lockstore>
<reference store="securitystore"/>
</lockstore>
<!-- Revision descriptors and content all point back at the JNDI nodestore. -->
<revisiondescriptorsstore>
<reference store="nodestore"/>
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore"/>
</revisiondescriptorstore>
<contentstore>
<reference store="nodestore"/>
</contentstore>
</store>
<!-- Bind the /users and /roles paths to the stores named "users" and "roles". These paths need to agree with the userspath and rolespath values in the configuration element. -->
<scope match="/users" store="users"/>
<scope match="/roles" store="roles"/>
<!-- Namespace configuration: maps each operation to the action node whose permission governs it, names the well-known paths, and sets namespace-wide parameters. -->
<configuration>
<!-- Actions mapping -->
<read-object>/actions/read</read-object>
<create-object>/actions/write</create-object>
<remove-object>/actions/write</remove-object>
<!-- Granting and revoking permissions both require write-acl; reading permissions requires read-acl. -->
<grant-permission>/actions/write-acl</grant-permission>
<revoke-permission>/actions/write-acl</revoke-permission>
<read-permissions>/actions/read-acl</read-permissions>
<read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions>
<lock-object>/actions/write</lock-object>
<kill-lock>/actions/unlock</kill-lock>
<read-locks>/actions/read</read-locks>
<read-revision-metadata>/actions/read</read-revision-metadata>
<create-revision-metadata>/actions/write-properties</create-revision-metadata>
<modify-revision-metadata>/actions/write-properties</modify-revision-metadata>
<remove-revision-metadata>/actions/write-properties</remove-revision-metadata>
<read-revision-content>/actions/read</read-revision-content>
<create-revision-content>/actions/write-content</create-revision-content>
<modify-revision-content>/actions/write-content</modify-revision-content>
<remove-revision-content>/actions/write-content</remove-revision-content>
<bind-member>/actions/bind</bind-member>
<unbind-member>/actions/unbind</unbind-member>
<!-- Paths configuration -->
<!-- /users and /roles are the same paths that the scope elements bind to the LDAP-backed stores. -->
<userspath>/users</userspath>
<rolespath>/roles</rolespath>
<actionspath>/actions</actionspath>
<filespath>/files</filespath>
<parameter name="dav">true</parameter>
<parameter name="standalone">true</parameter>
<parameter name="acl_inheritance_type">path</parameter>
<!-- Nested roles: 0 means no nesting (default), 1 means one sublevel, etc. -->
<!-- With 0, a role that is itself a member of another role contributes nothing; only direct membership counts. -->
<parameter name="nested_roles_maxdepth">0</parameter>
<!-- Can be "off", "write" and "full" -->
<parameter name="sequential-mode">full</parameter>
<!-- "false" lets all read-only methods be executed outside of transactions -->
<parameter name="all-methods-in-transactions">true</parameter>
<!-- NOTE(review): both auto-create settings are enabled; confirm how they interact with the LDAP-backed /users and /roles stores and whether accounts appearing without an explicit provisioning step is intended. -->
<auto-create-users>true</auto-create-users>
<auto-create-users-role>true</auto-create-users-role>
<!--<auto-create-users-role>slideroles.basic.RootRoleImpl</auto-create-users-role>-->
</configuration>