roller-user mailing list archives

From Steve McCain <s.mcc...@Bradford.ac.uk>
Subject ldap authentication & authorisation
Date Fri, 18 Apr 2008 11:09:11 GMT
By using the Sample LDAP/RollerDB hybrid config in the security.xml file supplied with Roller 4.0 I have users being authenticated by ldap while their authorisation remains under the control of the database (users and roles). So far so good.

I work in a university and would like to restrict access to roller to staff only. We have a 'staff' group in our ldap so I'm looking at how I could use group membership to do this. To test this out I've created a 'register' group with myself as a uniqueMember. I've changed the LdapAuthenticationProvider bean to use a DefaultLdapAuthoritiesPopulator instead of the AuthoritiesPopulator (id=jdbcAuthoritiesPopulator) as in the supplied security.xml. I now get 403 errors when I try to log in. How do I trace what roller is sending to ldap?

Am I barking up the wrong tree entirely with this approach? Have I crippled roller's ability to get user/role info from the database by not using the AuthoritiesPopulator bean? Can anyone suggest a way of configuring roller to use ldap group membership for a broad-brush access control while control of which users can contribute to which blog is controlled by the database?

thanks

Steve
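
Added example, not part of the message above and not Roller or Acegi code: a small Python model of the setup the message describes, comparing authorities taken only from LDAP groups, only from the database, and from the database behind an LDAP group gate. The user DNs, database rows and the required role names `admin` and `editor` are constructed assumptions; the `ROLE_` prefix and upper-casing model how a group-based populator typically names authorities.

```python
# Simplified model (not Acegi or Roller code). All directory entries, database
# rows and required role names below are constructed for illustration.
LDAP_GROUPS = {  # group cn -> uniqueMember DNs
    "register": {"uid=steve,ou=people,dc=example,dc=org"},
}
DB_ROLES = {  # username -> roles held in the application database
    "steve": {"editor"},
    "student1": {"editor"},
}
USER_DNS = {
    "steve": "uid=steve,ou=people,dc=example,dc=org",
    "student1": "uid=student1,ou=people,dc=example,dc=org",
}
REQUIRED_ROLES = {"admin", "editor"}  # assumed roles named in the URL access rules


def ldap_group_authorities(username, prefix="ROLE_", upper=True):
    """Authorities built from group membership alone: prefix + group name."""
    dn = USER_DNS[username]
    names = (cn for cn, members in LDAP_GROUPS.items() if dn in members)
    return {prefix + (cn.upper() if upper else cn) for cn in names}


def db_authorities(username):
    """Authorities read from the database only (the shipped hybrid behaviour)."""
    return set(DB_ROLES.get(username, ()))


def gated_db_authorities(username, gate_group="register"):
    """LDAP group decides who gets in at all; the database decides what they can do."""
    dn = USER_DNS[username]
    if dn not in LDAP_GROUPS.get(gate_group, set()):
        return set()  # not in the gate group: no authorities, so every rule denies
    return db_authorities(username)


def http_status(authorities):
    """Role-voter style decision: any one matching role grants access."""
    return 200 if authorities & REQUIRED_ROLES else 403
```

In this model the group-only populator yields `ROLE_REGISTER`, which matches none of the assumed required roles, while the gated variant keeps database roles for group members and denies everyone else.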


