...
Les groupes ont pour objectClass eduMember.
Les membres des groupes sont connus via l'attribut member.
//FIXME --> Exemple ldif
Au sein d'une entrée de personnes, on connait les groupes dont il est membre en interrogeant l'attribut isMemberOf.
...
| Bloc de code |
|---|
<!--
| This bean is the ContextSource instance that will be used to connect to LDAP.
+-->
<bean id="ldapContext" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldap://ldapserveur:389"/>
<property name="userDn" value="uid=root,dc=example,dc=org"/>
<property name="password" value="XXX"/>
</bean>
<!--
| BaseDn that will be passed to the search (not to the context).
|
| WARNING: If you get an error like this...
| ...PartialResultException: [LDAP: error code 10...
| it probably means your baseDn isn't correct!
+-->
<bean id="baseDn" class="java.lang.String">
<constructor-arg><value>ou=groups,dc=example,dc=org</value></constructor-arg>
</bean>
<!--
| ESUP Parameter.
| This parameter is used to extract the id path of the groups
| form their dn. The id path is expected to be catched from the first group
| of the regex.
-->
<bean id="childGroupKeyRegex" class="java.lang.String">
<constructor-arg><value>cn=(.*),ou=groups,dc=example,dc=org</value></constructor-arg>
</bean>
<!--
| LDAP query string that will be passed to the search.
+-->
<bean id="filter" class="java.lang.String">
<constructor-arg><value>(objectClass=eduMember)</value></constructor-arg>
</bean>
<!--
| This bean identifies the name of the Person Attribute that
| lists the SmartLdap groups each person is a member of.
+-->
<bean id="memberOfAttributeName" class="java.lang.String">
<constructor-arg><value>isMemberOf</value></constructor-arg>
</bean>
<!--
| This bean identifies the org.springframework.ldap.core.AttributesMapper
| implementation used in reading the groups records from LDAP.
+-->
<bean id="attributesMapper" class="org.jasig.portal.groups.smartldap.SimpleAttributesMapper">
<!--
| Name of the group attribute that tells you its key.
+-->
<property name="keyAttributeName">
<value>cn</value>
</property>
<!--
| Name of the group attribute that tells you its name.
+-->
<property name="groupNameAttributeName">
<value>cn</value>
</property>
<!--
| Name of the group attribute that lists its members.
+-->
<property name="membershipAttributeName">
<value>member</value>
</property>
</bean> |
- Ajouter les groupes smartLDAP à votre arboresence des groupes. Par exemple, vous pouvez modifier le fichier Everyone.group-membership.xml comme suit :
| Bloc de code |
|---|
<group script="classpath://org/jasig/portal/io/import-group_membership_v3-2.crn">
<name>Everyone</name>
<entity-type>org.jasig.portal.security.IPerson</entity-type>
<creator>system</creator>
<description>All Users</description>
<children>
<group>Authenticated Users</group>
<group>PAGS Root</group>
<group>Faculty</group>
<group>Guests</group>
<group>Portal System</group>
<group>Staff</group>
<group>Students</group>
<!-- Ajout des groupes SmartLdap -->
<group>SmartLdap ROOT</group>
</children>
</group> |
- Vous pouvez cibler un groupe spécifique simplement en le nommant. Par exemple :
| Bloc de code |
|---|
<group>admin:appli:appli1</group> |