another security question


I am not quite sure wether this is more of a general LDAP question.
I just got authentication via LDAP to work which is great.

Now I can add my users to LDAP as objectclass “person” and add my groups as objectclass “groupOfUniqueNames”.

Adding my users to a groupOfUniqueNames and adding this groupOfUniqueNames to my roles in web.xml enables the user to log in.
Now I want to give ACL to my users and I don’t want to give it to each user individually but to groups of users.

However my groupOfUniqueNames do not appear in the WebDAV user repository.

What is the correct way to organize my users in groups in order to give ACL to them?

Thanks a lot

Hi Guido,

we just use the groups defined in the user-database (like OS or LDAP) for doing the mapping to the roles in the web.xml file. The groups are not mapped to the userpath of the webdav server. But the order of the ACL/ACE definitions of a resource is relevant, which means that if you like to allow one user (e.g. A) access to a resource and deny the access to the rest of the users, define first an ACE granting access for user A and then an ACE deny access to all users. In this case the desired behavior should be available. If you first deny all and in the second ACE grant access for A, A will have no access.

Hope this description helps you.

regards Eckehard

Thanks a lot for your explanation Eckehard.

However, this does not solve my particular problem.

If the administrator wants to add a new user, he does not want to give all the ACLs every time to this user, but just add the user to a group and the user gets the corresponding access rights automatically.

Are you saying this is currently not possible with LDAP?

Thanks again

Hi Guido,

youe are right. This is with the current version not possible. The LDAP groups are not mapped into webdav-server user-collections.

regards Eckehard