Managing access rights with TWS 4.1

Hi all,

since managing my access rights via groups is currently not possible with LDAP and doesn’t seem to be possible via Operating System security (win2k) either, how is one supposed to manage access rights for more than 10 users??

The documentation says under “Security → WebDAV Security: User Database Management” that besides the OS userDB and LDAP it is possible to manage the (WebDAV) users within Tamino itself.
But I can’t find instructions on how to do it. Is WebDAV group management possible that way?

TIA
Guido

PS: Please give mime type text/xml not only to .xml files by default in web.xml but also to .xsl files

Hi Guido,

for enabling Tamino as a WebDAV userDB the following realm parameters are relevant and have to be set in the server.xml under Realm:

className="com.softwareag.ssx.userdb.authmod.realms.tomcat4.SSXUserDBRealm4"
authType="tamino"
databaseUri="{your TaminoDB URI}", e.g. databaseUri="http://localhost/tamino/mydb"

If these parameters have been set, the Tamino ino:users are used as userDB. However, currently Tamino-WebDAV does not support group management for its ACL authorization, regardless of whether you use OS, LDAP or Tamino as userDB.

regards Eckehard

Thanks for the information and your help Eckehard!

Guido

One more question:
Is such functionality planned and when will it be available?

Is there any chance to get this before the next major release?

I am particularly interested to get this for LDAP (i.e. mapping groupOfUniqueNames to the userpath of the WebDAV server).

Another “quick solution” would be to not only query personBindDn one level deep but query and map the complete LDAP subtree below personBindDn.

But long term I would prefer to use groupOfUniqueNames to assign roles (i.e. multiple groupOfUniqueNames per user).

Also please allow the personObjClass configuration value to be subclasses of “person”, as the number and types of attributes for “person” are almost never enough for “real world use cases”.

Thanks
Guido

Please ignore my last statement.
The objectClass attribute is multivalued and can be (for example) “person” and “organizationalPerson” at the same time.

Sorry
Guido