[Carbon-dev] governance registry external roles

Roberto Mier Escandón rmescandon at gmail.com
Tue Mar 22 04:25:08 PDT 2011


Hi Dimuthu:

Content for MembershipAttribute should be fully qualified. Let me explain:
I have a "username" user in
cn=username, ou=users, o=base

and groups in
cn=certaingroup, ou=groups, o=base

and every group has a "member" attribute for every one of its members. 
This way, if "username" is part of "certaingroup" group, then the 
"certaingroup" has a member attribute with this value:

attribute: member
value: cn=username, ou=users, o=base

Is this right, or should the value be only
value: username
?




On 22/03/2011 9:16, Dimuthu Leelarathne wrote:
> Hi,
>
> Please see my comments inline.
>
> 2011/3/22 Roberto Mier Escandón <rmescandon at gmail.com>
>
>     Hi
>     I have a little problem. I configured WSO2 Governance Registry to
>     take users and roles from an external LDAP. Both of them are listed
>     in the management console under the "Users and Roles" option. I also
>     configured UserStoreManager to set a certain LDAP attribute as
>     "member" to establish a relationship between a user and its roles
>     (this relationship is valid). I can set permissions for any role.
>     But these permissions are not taken into account by Governance
>     Registry. On the other hand, if I create a new role and set the same
>     permissions on it, it works!!!
>     It seems as if external role permissions were not taken into account
>     and I needed to create an internal role instead. This does not seem
>     logical. Where am I wrong? Are external roles working properly
>     in Governance Registry?
>
>
> I checked the same scenario on Greg 3.5.0 version and it works fine 
> for me when I tested with ApacheDS. One place that can go wrong is the 
> relationship between users and roles. Did you set the following 
> property in user-mgt.xml correctly?
>
> <Property name="MembershipAttribute">uniqueMember</Property>
>
> If you have set this property correctly, I would like to know your 
> LDAP flavour, so that we can investigate this problem more thoroughly.
>
> Thanks,
> Dimuthu
>
>     I use 3.5.0 version
>
>     Thank you.
>
>     -- 
>
>     Roberto Mier Escandón.
>
>
>


-- 

Roberto Mier Escandón.
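
The group layout described in this message can be checked offline before changing `MembershipAttribute` in user-mgt.xml. The sketch below is an added example, not code from the thread or from WSO2: it models a plain attribute lookup over constructed entries, and the helper names (`roles_for`, `stored_styles`) and the second group are assumptions.

```python
import re

# Constructed sample entries mirroring the layout described in the message.
GROUPS = {
    "cn=certaingroup, ou=groups, o=base": {"member": ["cn=username, ou=users, o=base"]},
    "cn=othergroup, ou=groups, o=base": {"member": ["cn=someoneelse, ou=users, o=base"]},
}

def normalize_dn(dn):
    """Lower-case a DN and strip spaces around ',' and '=' (simplified: no escaped commas)."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def value_style(value):
    """'dn' if the value starts with attr=, otherwise 'bare-name'."""
    return "dn" if re.match(r"\s*[A-Za-z][\w-]*\s*=", value) else "bare-name"

def get_attr(attrs, name):
    """Fetch an attribute's values; LDAP attribute names are case-insensitive."""
    return next((v for k, v in attrs.items() if k.lower() == name.lower()), [])

def roles_for(user_dn, membership_attribute, groups=GROUPS):
    """Group DNs that list user_dn under membership_attribute, compared as normalized DNs."""
    wanted = normalize_dn(user_dn)
    return [g for g, attrs in groups.items()
            if any(value_style(v) == "dn" and normalize_dn(v) == wanted
                   for v in get_attr(attrs, membership_attribute))]

def stored_styles(membership_attribute, groups=GROUPS):
    """Which value styles the directory actually stores under membership_attribute."""
    return sorted({value_style(v) for attrs in groups.values()
                   for v in get_attr(attrs, membership_attribute)})

if __name__ == "__main__":
    user = "CN=username,ou=users,o=base"  # same entry, different spacing and case
    for attr in ("member", "uniqueMember"):
        print(attr, stored_styles(attr), roles_for(user, attr))
```

An empty result for the configured attribute name means the role lookup has nothing to match against, so the first thing to compare is the attribute name the group entries really use.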
