final static String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER";
// RESERVED ROLES
- public final static String ROLE_ADMIN = "cn=admin,ou=system,ou=node";
- public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin,ou=system,ou=node";
- public final static String ROLE_USER_ADMIN = "cn=userAdmin,ou=system,ou=node";
+ final static String ROLES_BASEDN = "ou=roles,ou=node";
+ public final static String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN;
+ public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin,"
+ + ROLES_BASEDN;
+ public final static String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN;
// Special system groups that cannot be edited:
// user U anonymous = everyone
- public final static String ROLE_USER = "cn=user,ou=system,ou=node";
- public final static String ROLE_ANONYMOUS = "cn=anonymous,ou=system,ou=node";
+ public final static String ROLE_USER = "cn=user," + ROLES_BASEDN;
+ public final static String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN;
// RESERVED USERNAMES
public final static String USERNAME_ADMIN = "root";
// Node Security
/** URI to an LDIF file used as initialization or backend */
final static String USERADMIN_URI = "argeo.node.useradmin.uri";
- final static String ROLES_BASEDN = "ou=system,ou=node";
-
final static String[] DEFAULT_CNDS = { "/org/argeo/jcr/argeo.cnd",
"/org/argeo/cms/cms.cnd" };
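Review bot: The new `ROLES_BASEDN` constant is declared `final static` without `public`, yet it is read as `KernelHeader.ROLES_BASEDN` from other classes later in this commit (the `ROLES_BASE` static initializer and the `addUserAdmin`/`removeUserAdmin` methods), and that class imports `org.argeo.cms.KernelHeader`, which suggests it sits in a different package; unless `KernelHeader` is an interface, where fields are implicitly public, this will not compile, so declare it `public final static String ROLES_BASEDN = "ou=roles,ou=node";` to match the derived `ROLE_*` constants. The removed `KernelConstants.ROLES_BASEDN` was also package-private, which presumably only worked because its consumers shared its package. Since every role check in the tree now derives from this single string, a one-line comment above it saying that the bootstrap LDIF, the plugin.xml role expressions and any literal DN comparisons must be updated together would help maintainers, as this commit itself still carries several literal copies. The `"cn=groupAdmin,"` / `+ ROLES_BASEDN` wrap also reads oddly next to its single-line siblings and could be joined on one line.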
File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
File homeDir = new File(osgiInstanceDir, "node");
- String baseNodeRoleDn = KernelConstants.ROLES_BASEDN;
+ String baseNodeRoleDn = KernelHeader.ROLES_BASEDN;
File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
try {
FileUtils.copyInputStreamToFile(
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
+import org.argeo.cms.KernelHeader;
import org.argeo.osgi.useradmin.ArgeoUserAdminException;
import org.argeo.osgi.useradmin.UserAdminAggregator;
import org.osgi.framework.InvalidSyntaxException;
final static LdapName ROLES_BASE;
static {
try {
- ROLES_BASE = new LdapName(KernelConstants.ROLES_BASEDN);
+ ROLES_BASE = new LdapName(KernelHeader.ROLES_BASEDN);
} catch (InvalidNameException e) {
throw new ArgeoUserAdminException("Cannot initialize "
+ NodeUserAdmin.class, e);
//
@Override
public synchronized void addUserAdmin(String baseDn, UserAdmin userAdmin) {
- if (baseDn.equals(KernelConstants.ROLES_BASEDN)) {
+ if (baseDn.equals(KernelHeader.ROLES_BASEDN)) {
nodeRoles = userAdmin;
return;
}
@Override
public synchronized void removeUserAdmin(String baseDn) {
- if (baseDn.equals(KernelConstants.ROLES_BASEDN))
+ if (baseDn.equals(KernelHeader.ROLES_BASEDN))
throw new ArgeoUserAdminException("Node roles cannot be removed.");
LdapName base;
try {
objectClass: top
ou: node
-dn: ou=system,ou=node
+dn: ou=roles,ou=node
objectClass: organizationalUnit
objectClass: top
ou: system
-dn: cn=admin,ou=system,ou=node
+dn: cn=admin,ou=roles,ou=node
objectClass: groupOfNames
objectClass: top
cn: admin
member: uid=root,ou=users,dc=example,dc=com
-dn: cn=userAdmin,ou=system,ou=node
+dn: cn=userAdmin,ou=roles,ou=node
objectClass: groupOfNames
objectClass: top
cn: userAdmin
-member: cn=admin,ou=system,ou=node
+member: cn=admin,ou=roles,ou=node
member: uid=demo,ou=users,dc=example,dc=com
-dn: cn=groupAdmin,ou=system,ou=node
+dn: cn=groupAdmin,ou=roles,ou=node
objectClass: groupOfNames
objectClass: top
cn: groupAdmin
-member: cn=admin,ou=system,ou=node
+member: cn=admin,ou=roles,ou=node
-dn: ou=org.argeo.cms,ou=node
-objectClass: organizationalUnit
-objectClass: top
-ou: org.argeo.cms
-
-dn: cn=editor,ou=org.argeo.cms,ou=node
+dn: cn=org.argeo.cms.editor,ou=roles,ou=node
objectClass: groupOfNames
objectClass: top
cn: editor
-member: cn=admin,ou=system,ou=node
+member: cn=admin,ou=roles,ou=node
member: uid=demo,ou=users,dc=example,dc=com
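Review bot: The `ou` and `cn` attribute values no longer agree with the renamed RDNs: the entry now named `dn: ou=roles,ou=node` still carries `ou: system`, and the entry renamed to `dn: cn=org.argeo.cms.editor,ou=roles,ou=node` still carries `cn: editor`. Directory servers that enforce RDN/attribute consistency reject such entries on import, and one that accepts them leaves a group whose `cn` differs from its RDN, so lookups by `cn` and by DN disagree about which group is the editor role. Change them to `ou: roles` and `cn: org.argeo.cms.editor`. Whether anything else still references the removed `ou=org.argeo.cms,ou=node` container cannot be seen from this hunk.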
// FIXME make it more generic
for (Principal principal : principals) {
if (principal.getName().equalsIgnoreCase(
- "cn=admin,ou=system,ou=node"))
+ "cn=admin,ou=roles,ou=node"))
isAdmin = true;
else if (principal.getName().equalsIgnoreCase(
- "cn=anonymous,ou=system,ou=node"))
+ "cn=anonymous,ou=roles,ou=node"))
isAnonymous = true;
}
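Review bot: The admin and anonymous checks in this loop still compare against literal DN strings even though the commit centralizes those values as `ROLE_ADMIN` and `ROLE_ANONYMOUS` next to `ROLES_BASEDN`; the next rename of the base DN would silently leave `isAdmin` false here while the constants move on, which is an authorization decision made on stale data. Use `principal.getName().equalsIgnoreCase(KernelHeader.ROLE_ADMIN)` and `principal.getName().equalsIgnoreCase(KernelHeader.ROLE_ANONYMOUS)` (adding the import if this class does not already have it). The `FIXME make it more generic` above the loop is left unresolved by this change. The enclosing method starts and ends outside the hunk.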
<enabledWhen>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=anonymous,ou=system,ou=node" />
+ <equals value="cn=anonymous,ou=roles,ou=node" />
</iterate>
</with>
</enabledWhen>
<not>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=anonymous,ou=system,ou=node" />
+ <equals value="cn=anonymous,ou=roles,ou=node" />
</iterate>
</with>
</not>
<enabledWhen>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=user,ou=system,ou=node" />
+ <equals value="cn=user,ou=roles,ou=node" />
</iterate>
</with>
</enabledWhen>
<enabledWhen>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=admin,ou=system,ou=node" />
+ <equals value="cn=admin,ou=roles,ou=node" />
</iterate>
</with>
</enabledWhen>
<enabledWhen>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=userAdmin,ou=system,ou=node" />
+ <equals value="cn=userAdmin,ou=roles,ou=node" />
</iterate>
</with>
</enabledWhen>
<enabledWhen>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=groupAdmin,ou=system,ou=node" />
+ <equals value="cn=groupAdmin,ou=roles,ou=node" />
</iterate>
</with>
</enabledWhen>
<not>
<with variable="roles">
<iterate ifEmpty="false" operator="or">
- <equals value="cn=admin,ou=system,ou=node" />
+ <equals value="cn=admin,ou=roles,ou=node" />
</iterate>
</with>
</not>