Posted to commits@isis.apache.org by bu...@apache.org on 2013/01/25 18:38:18 UTC
svn commit: r847941 - in /websites/staging/isis/trunk: cgi-bin/ content/
content/components/security/shiro/using-ldap.html
Author: buildbot
Date: Fri Jan 25 17:38:17 2013
New Revision: 847941
Log:
Staging update by buildbot for isis
Modified:
websites/staging/isis/trunk/cgi-bin/ (props changed)
websites/staging/isis/trunk/content/ (props changed)
websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html
Propchange: websites/staging/isis/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jan 25 17:38:17 2013
@@ -1 +1 @@
-1435907
+1438609
Propchange: websites/staging/isis/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jan 25 17:38:17 2013
@@ -1 +1 @@
-1435907
+1438609
Modified: websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html
==============================================================================
--- websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html (original)
+++ websites/staging/isis/trunk/content/components/security/shiro/using-ldap.html Fri Jan 25 17:38:17 2013
@@ -250,6 +250,14 @@ ldapRealm.groupObjectClass = groupOfUniq
ldapRealm.uniqueMemberAttribute = uniqueMember
ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}
+# optional mapping from physical groups to logical application roles
+ldapRealm.rolesByGroup = \
+ LDN_USERS: user_role,\
+ NYK_USERS: user_role,\
+ HKG_USERS: user_role,\
+ GLOBAL_ADMIN: admin_role,\
+ DEMOS: self-install_role
+
ldapRealm.permissionsByRole=\
user_role = *:ToDoItemsJdo:*:*,\
*:ToDoItem:*:*; \
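Review bot: The comment added above `ldapRealm.rolesByGroup` says the mapping is optional but documents neither the entry syntax nor the effect of leaving a group out. Entries here are `GROUP: role` separated by commas, while the `permissionsByRole` block directly below uses `role = perms` separated by `;`, which is easy to mix up when editing the file by hand. Suggest a second comment line giving the entry format. It should also note that each role named on the right-hand side (`user_role`, `admin_role`, `self-install_role`) should have an entry in `permissionsByRole`; only the `user_role` entry is visible in this context, so the other two cannot be checked from the hunk.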
@@ -275,6 +283,10 @@ securityManager.realms = $ldapRealm
<li>each value of <code>uniqueMember</code> is in the form <code>uid=xxx</code>, with <code>xxx</code> being the uid of the user</li>
<li>the group membership is looked up using the specified system user</li>
</ul></li>
+<li>groups looked up from LDAP can be mapped to logical roles
+<ul>
+<li>if no group-to-role mapping is provided, then the group names are used as role names with no translation</li>
+</ul></li>
</ul>
<p>The above configuration has been tested against <a href="http://directory.apache.org/apacheds/">ApacheDS</a>, v1.5.7. This can be administered using <a href="http://directory.apache.org/studio/">Apache Directory Studio</a>, v1.5.3.</p>
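Review bot: The new sub-item under "groups looked up from LDAP can be mapped to logical roles" covers only the case where no mapping is provided at all. It does not say what happens when `rolesByGroup` is set and a user belongs to a group that is missing from it. Suggest stating whether such a group is dropped or passed through untranslated as a role name. If it is passed through, any LDAP group whose name happens to match a key in `permissionsByRole` grants those permissions, and a directory administrator reading this page needs to know that.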