roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve McCain <>
Subject Re: ldap authentication & authorisation
Date Mon, 21 Apr 2008 13:38:49 GMT
Thanks Dave. Yes there is a groupSearchFilter property in acegi that 
defaults to member - I've
set it to "(uniqueMember={0})" in DefaultLdapAuthoritiesPopulator in 

The ldap seach is now finding me as a uniqueMember of the groups but I'm 
still getting 403 errors.

In the userrole table in the database I have a single entry with a 
rollname of 'editor' & have therefore
assumed that I needed to be in a ldap group of cn=editor, ou=groups, 
dc.... etc. I also set ou to be 'editor'
and have tried using either cn or ou as groupRoleAttribute - I get 403 
regardless. I've tried with
and without being a member of a 'register' group & again this makes no 

How can I turn on logging to see what roller is doing? What exactly does 
roller need to get
from the ldap search to grant access?


Dave wrote:
> On Fri, Apr 18, 2008 at 10:53 AM, Steve McCain <> wrote:
>> I've spotted from the ldap access log that the group membership search is
>> actually using  'member' rather than 'uniqueMember' as the group attribute. How do
I change
>> this?
> Hmm... I don't see any reference to "member" in the Roller source
> code. Perhaps this is something that is being done under the covers by
> the Acegi security system? You might have to hit the Acegi docs to
> figure this one out.  Hopefully, it's something that is pluggable.
> - Dave

View raw message