4 Replies Latest reply on May 21, 2008 11:08 PM by drekun

    Map LDAP Group to Portal Role

    jujuz

      Hi,

      I don't understand exactly how to map an LDAP group to a Portal role. I found this http://wiki.jboss.org/wiki/Wiki.jsp?page=GiveAdminPrivileges but it doesn't work in my config. I have created a role Portal_Admin in my Active Directory and modified the file default-object.xml:

      <security-constraint>
        <policy-permission>
          <action-name>viewrecursive</action-name>
          <role-name>Portal_Admin</role-name>
        </policy-permission>
      </security-constraint>
      


      ??
      regards,
      Julien Cornouiller

        • 1. Re: Map LDAP Group to Portal Role

          Hi. I just updated that wiki page, you might want to read it again.

          The change to default-object.xml only makes the admin link in the top right corner appear. The other stuff gives access to the various management portlets.

          Make sure you delete the portal hypersonic database after you made the change to default-object.xml, or you won't see any difference. I clarified this in the wiki entry, so please try again if it doesn't work for you.

          Also have a look at http://jira.jboss.com/jira/browse/JBPORTAL-1646. There is a bug that prevents the CMS admin from working, if there is no user called 'admin'.

          Cheers,
          Tobias

          • 2. Re: Map LDAP Group to Portal Role
            jujuz

            Thanks,
            I'll try it later; before that I want to have an answer to my post
            http://www.jboss.org/index.html?module=bb&op=viewtopic&t=116987

            regards
            Julien Cornouiller

            • 3. Re: Map LDAP Group to Portal Role
              drekun

              Hi,

              I have already connected to Microsoft AD.
              I have the same issue with mapping an LDAP group to the portal role.

              This is my schema for the LDAP server or Microsoft AD:

              o=office.com
              |
              |- ou=poeple
              |   |
              |   - ou=jakarta
              |       |
              |       - ou=internal
              |           |
              |           - cn=user1
              |           |
              |           - cn=user2
              |
              - ou=groups
                  |
                  - cn=finance
                  |   |
                  |   - member=uid=user1,ou=internal,c=jakarta,ou=people,o=office.com
                  |
                  - cn=accounting
                      |
                      - member=uid=user2,ou=internal,c=jakarta,ou=people,o=office.com

              In the portal I already created roles for accounting and finance.
              Now I can retrieve the user name and the password only for the finance group.

              This is my configuration in JBoss Portal:


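              <option-group>
                <group-name>common</group-name>
                <option>
                  <name>userCtxDN</name>
                  <value>ou=internal,c=jakarta,ou=people,o=office.com</value>
                </option>
                <option>
                  <name>uidAttributeID</name>
                  <value>sAMAccountName</value>
                </option>
                <option>
                  <name>userSearchFilter</name>
                  <value><![CDATA[(&(sAMAccountName={0})(objectClass=User))]]></value>
                </option>
                <option>
                  <name>roleCtxDN</name>
                  <value><![CDATA[cn=finance,ou=groups,o=office.com]]></value>
                </option>
                <option>
                  <name>roleSearchFilter</name>
                  <value><![CDATA[(&((cn={0})(objectClass=group)))]]></value>
                </option>
                <option>
                  <name>searchScope</name>
                  <value>SUBTREE_SCOPE</value>
                </option>
              </option-group>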

              I need to configure it so that a user from the accounting group is automatically assigned to the accounting role in JBoss Portal, and the same with the finance group in LDAP. Has anyone done that with JBoss Portal?

              Any suggestion will be highly appreciated.

              Regards
              Hendra

              • 4. Re: Map LDAP Group to Portal Role
                drekun

                I'm sorry about the mistyping. I must have been half awake when I wrote this post.

                What I mean is that I need to map the group in LDAP to the role in JBoss Portal, so that user1 from the accounting group is automatically assigned to the accounting role in JBoss Portal.

                Regards
                Hendra
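
Added example, not part of any post in this thread and not JBoss Portal code: a small Python model of LDAP subtree-scope search showing how the role search base (`roleCtxDN` in reply 3) limits which group entries, and therefore which roles, can be resolved for a user. The in-memory directory is constructed from the tree in reply 3, and using the parent container `ou=groups,o=office.com` as the wider base is an assumption made for comparison.

```python
# Constructed sample directory modelled on the tree in reply 3 (not real data).
# Keys are entry DNs; values are the attributes of each entry.
DIRECTORY = {
    "ou=groups,o=office.com": {"objectClass": ["organizationalUnit"]},
    "cn=finance,ou=groups,o=office.com": {
        "objectClass": ["group"], "cn": ["finance"],
        "member": ["uid=user1,ou=internal,c=jakarta,ou=people,o=office.com"]},
    "cn=accounting,ou=groups,o=office.com": {
        "objectClass": ["group"], "cn": ["accounting"],
        "member": ["uid=user2,ou=internal,c=jakarta,ou=people,o=office.com"]},
}

def normalize(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas.
    Escaped commas inside attribute values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def subtree_search(base_dn, object_class):
    """Return entries at or below base_dn, which is what subtree scope covers."""
    base = normalize(base_dn)
    hits = {}
    for dn, attrs in DIRECTORY.items():
        key = normalize(dn)
        in_scope = key == base or key.endswith("," + base)
        if in_scope and object_class in attrs.get("objectClass", []):
            hits[dn] = attrs
    return hits

def roles_for_user(user_dn, role_ctx_dn):
    """Names (cn) of groups under role_ctx_dn that list user_dn as a member."""
    user = normalize(user_dn)
    roles = []
    for attrs in subtree_search(role_ctx_dn, "group").values():
        if user in (normalize(m) for m in attrs.get("member", [])):
            roles.extend(attrs["cn"])
    return sorted(roles)

USER1 = "uid=user1,ou=internal,c=jakarta,ou=people,o=office.com"
USER2 = "uid=user2,ou=internal,c=jakarta,ou=people,o=office.com"
NARROW = "cn=finance,ou=groups,o=office.com"  # role search base as posted
WIDE = "ou=groups,o=office.com"               # parent container (assumption)

if __name__ == "__main__":
    for ctx in (NARROW, WIDE):
        print(ctx, "->", {u: roles_for_user(u, ctx) for u in (USER1, USER2)})
```

With the narrow base, the accounting group entry is outside the search scope, so user2 resolves to no role; with the parent container as base, each user resolves to exactly the group that lists them as a member.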