[Carbon-dev] governance registry external roles
Roberto Mier Escandón
rmescandon at gmail.com
Tue Mar 22 04:25:08 PDT 2011
Content for MembershipAttribute should be full qualified. I explain
I have a "username" user in
cn=username, ou=users, o=base
and groups in
cn=certaingroup, ou=groups, o=base
and every group has a "member" attribute for every one of its members.
This way, if "username" is part of "certaingroup" group, then the
"certaingroup" has a member attribute with this value:
value: cn=username, ou=users, o=base
Is this right or the value should be only
El 22/03/2011 9:16, Dimuthu Leelarathne escribió:
> Please see my comments inline.
> 2011/3/22 Roberto Mier Escandón <rmescandon at gmail.com
> <mailto:rmescandon at gmail.com>>
> I have a little problem. I configure wso2 governance registry to
> take users and roles from an external LDAP. Both them are listed
> into management console in "Users and Roles" option. I also
> configure UserStoreManager to set certain ldap attribute as
> "member" to establish a relationship between user and its roles
> (this relationship is valid). I can set permissions for any role.
> But these permissions are not taken into account by governance
> registry. On the other hand, if i create a new role and set same
> permissions to it, it works!!!.
> It seems as external role permissions were not taken into account
> and i was need to create an internal role instead. This seems not
> to be logic. Where i'm wrong?. Are external roles working properly
> in governance registry.
> I checked the same scenario on Greg 3.5.0 version and it works fine
> for me when I tested with ApacheDS. One place that can go wrong is the
> relationship between users and roles. Did you set the following
> property in user-mgt.xml correctly?
> <Property name="MembershipAttribute">uniqueMember</Property>
> If you have set this property correctly, I would like to know your
> LDAP flavour, so that we can investigate this problem more thoroughly.
> I use 3.5.0 version
> Thank you.
> Roberto Mier Escandón.
> Carbon-dev mailing list
> Carbon-dev at wso2.org <mailto:Carbon-dev at wso2.org>
Roberto Mier Escandón.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Carbon-dev