[OTDev] AA
Andreas Maunz andreas at maunz.deThu Jun 17 17:01:54 CEST 2010
- Previous message: [OTDev] AA
- Next message: [OTDev] My OpenTox Workshop contribution: The Lost Slides
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This chung wrote on 06/17/2010 04:44 PM: > <Subjects name="mySubjects" description=""> > <Subject name="YAQPservice" type="LDAPUsers" > includeType="inclusive"> > <AttributeValuePair> > <Attribute name="Values"/> > <Value>uid=YAQPservice, ou=groups, > dc=opentox,dc=org</Value> > </AttributeValuePair> > </Subject> > <Subject name="Sopasakis" type="LDAPUsers" > includeType="inclusive"> > <AttributeValuePair> > <Attribute name="Values"/> > <Value>uid=Sopasakis, ou=groups, > dc=opentox,dc=org</Value> > </AttributeValuePair> > </Subject> > </Subjects> is wrong. For example: > <Subject name="YAQPservice" type="LDAPUsers" > includeType="inclusive"> > <AttributeValuePair> > <Attribute name="Values"/> > <Value>uid=YAQPservice, ou=groups, > dc=opentox,dc=org</Value> > </AttributeValuePair> > </Subject> I guess it's like that: In your version, upon authorization, OpenSSO looks for the token user, identified by attribute "uid", in the LDAP branch "ou=groups, dc=opentox,dc=org". There are no users in that branch, so no user "YAQPService" also. If you had specified "LDAPGroups", upon authorization, OpenSSO will look for membership of the token user in a group called "YAQPService". Furthermore, this group is identified by attribute "uid". This fails because all groups are identified by "cn", not "uid". Even if you had specified "cn", there is no group "YAQPService". Regards Andreas
- Previous message: [OTDev] AA
- Next message: [OTDev] My OpenTox Workshop contribution: The Lost Slides
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list