[OTDev] guest or anonymous user and the default member group

Micha Rautenberg mr at mrautenberg.de
Mon Jul 12 11:49:19 CEST 2010


Dear All,

As discussed on the list before, there are already default users for
authentication and authorization:
guest - with password guest and
anonymous - with password anonymous

There is also a default "member" group for every user.

So in LDAP terms a "guest" user is:
uid=guest,ou=people,dc=opentox,dc=org

and is member of the "member" group
cn=member,ou=groups,dc=opentox,dc=org

As an example of a policy file, see:

<!DOCTYPE Policies PUBLIC "-//Sun Java System Access Manager7.1 2006Q3 Admin CLI DTD//EN" "jar://com/sun/identity/policy/policyAdmin.dtd">
<Policies>
<Policy name="policy_user" referralPolicy="false" active="true">
   <Rule name="rule_user">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="http://opentox.org/someuri/"/>
      <AttributeValuePair>
         <Attribute name="GET" />
         <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
         <Attribute name="POST" />
         <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
         <Attribute name="PUT" />
         <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
         <Attribute name="DELETE" />
         <Value>allow</Value>
      </AttributeValuePair>
   </Rule>
   <Subjects name="subjects_user" description="">
        <Subject name="subject_user" type="LDAPUsers" includeType="inclusive">
            <AttributeValuePair>
                <Attribute name="Values"/>
                <Value>uid=guest,ou=people,dc=opentox,dc=org</Value>
            </AttributeValuePair>
        </Subject>
   </Subjects>
</Policy>
<Policy name="policy_group" referralPolicy="false" active="true">
   <Rule name="rule_group">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="http://opentox.org/someuri/"/>
      <AttributeValuePair>
         <Attribute name="GET" />
         <Value>allow</Value>
      </AttributeValuePair>
   </Rule>
   <Subjects name="subjects_group" description="">
        <Subject name="subject_group" type="LDAPGroups" includeType="inclusive">
            <AttributeValuePair>
                <Attribute name="Values"/>
                <Value>cn=member,ou=groups,dc=opentox,dc=org</Value>
            </AttributeValuePair>
        </Subject>
   </Subjects>
</Policy>
</Policies>


best greets,

Micha
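
Added example (not part of the original message and not OpenTox code): a small audit of a policy file in the format shown above, reporting every active policy that lets a default principal (guest, anonymous or the "member" group) use POST, PUT or DELETE on a resource. The anonymous DN is assumed by analogy with the guest DN, and the function names and sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first policy from the message above, trimmed to two methods.
SAMPLE = """<Policies>
<Policy name="policy_user" referralPolicy="false" active="true">
   <Rule name="rule_user">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="http://opentox.org/someuri/"/>
      <AttributeValuePair><Attribute name="GET" /><Value>allow</Value></AttributeValuePair>
      <AttributeValuePair><Attribute name="DELETE" /><Value>allow</Value></AttributeValuePair>
   </Rule>
   <Subjects name="subjects_user" description="">
      <Subject name="subject_user" type="LDAPUsers" includeType="inclusive">
         <AttributeValuePair><Attribute name="Values"/><Value>uid=guest,ou=people,dc=opentox,dc=org</Value></AttributeValuePair>
      </Subject>
   </Subjects>
</Policy>
</Policies>"""

# Principals anyone can act as: shared-password accounts and the default group.
DEFAULT_DNS = {
    "uid=guest,ou=people,dc=opentox,dc=org",
    "uid=anonymous,ou=people,dc=opentox,dc=org",  # assumed, by analogy with guest
    "cn=member,ou=groups,dc=opentox,dc=org",
}
WRITE_METHODS = {"POST", "PUT", "DELETE"}
SUBJECT_PATH = "./Subjects/Subject[@includeType='inclusive']/AttributeValuePair/Value"

def grants(policy_xml):
    """Yield (policy, resource, subject_dn, allowed_methods) for each active policy."""
    for policy in ET.fromstring(policy_xml).iter("Policy"):
        if policy.get("active") != "true":
            continue
        subjects = [(v.text or "").strip() for v in policy.findall(SUBJECT_PATH)]
        for rule in policy.findall("Rule"):
            resource = rule.find("ResourceName").get("name")
            allowed = {p.find("Attribute").get("name")
                       for p in rule.findall("AttributeValuePair")
                       if p.findtext("Value", "").strip() == "allow"}
            for dn in subjects:
                yield policy.get("name"), resource, dn, allowed

def audit(policy_xml):
    """Return findings where a default principal may modify a resource."""
    return [(name, res, dn, sorted(allowed & WRITE_METHODS))
            for name, res, dn, allowed in grants(policy_xml)
            if dn.lower() in DEFAULT_DNS and allowed & WRITE_METHODS]
```
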





