Posted to commits@isis.apache.org by bu...@apache.org on 2013/01/25 18:38:18 UTC

svn commit: r847941 - in /websites/staging/isis/trunk: cgi-bin/ content/ content/components/security/shiro/using-ldap.html

Author: buildbot
Date: Fri Jan 25 17:38:17 2013
New Revision: 847941

Log:
Staging update by buildbot for isis

Modified:
    websites/staging/isis/trunk/cgi-bin/   (props changed)
    websites/staging/isis/trunk/content/   (props changed)
    websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html

Propchange: websites/staging/isis/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jan 25 17:38:17 2013
@@ -1 +1 @@
-1435907
+1438609

Propchange: websites/staging/isis/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jan 25 17:38:17 2013
@@ -1 +1 @@
-1435907
+1438609

Modified: websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html
==============================================================================
--- websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html (original)
+++ websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html Fri Jan 25 17:38:17 2013
@@ -250,6 +250,14 @@ ldapRealm.groupObjectClass = groupOfUniq
 ldapRealm.uniqueMemberAttribute = uniqueMember
 ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}
 
+# optional mapping from physical groups to logical application roles
+ldapRealm.rolesByGroup = \
+    LDN_USERS: user_role,\
+    NYK_USERS: user_role,\
+    HKG_USERS: user_role,\
+    GLOBAL_ADMIN: admin_role,\
+    DEMOS: self-install_role
+
 ldapRealm.permissionsByRole=\
    user_role = *:ToDoItemsJdo:*:*,\
                *:ToDoItem:*:*; \
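Review bot: The added `ldapRealm.rolesByGroup` entries are written as `GROUP: role` pairs separated by commas, while the `ldapRealm.permissionsByRole` block directly below uses `role = permission` with `;` between roles. The comment line above the new setting should state the expected syntax, since the two maps sit side by side and are easy to mix up. The mapping also names `admin_role` and `self-install_role`, but only `user_role` is visible in the `permissionsByRole` context of this hunk. Please confirm every mapped role has a matching permissions entry, so that members of `GLOBAL_ADMIN` and `DEMOS` do not end up with a role that has no entry there.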
@@ -275,6 +283,10 @@ securityManager.realms = $ldapRealm
 <li>each value of <code>uniqueMember</code> is in the form <code>uid=xxx</code>, with <code>xxx</code> being the uid of the user</li>
 <li>the group membership is looked up using the specified system user</li>
 </ul></li>
+<li>groups looked up from LDAP can be mapped to logical roles
+<ul>
+<li>if no group-to-role mapping is provided, then the group names are used as role names with no translation</li>
+</ul></li>
 </ul>
 
 <p>The above configuration has been tested against <a href="http://directory.apache.org/apacheds/">ApacheDS</a>, v1.5.7.  This can be administered using <a href="http://directory.apache.org/studio/">Apache Directory Studio</a>, v1.5.3.</p>
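Review bot: The new sub-bullet covers the case where no group-to-role mapping is configured, but it does not say what happens to an LDAP group that is absent from a partial `rolesByGroup` mapping. Please state whether such a group is ignored or passed through as a role name. With pass-through, whether for an unlisted group or with no mapping at all, any directory group whose name matches a key in `permissionsByRole` receives those permissions, which is worth calling out for readers whose directory groups are managed by another team.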