Setting up multiple domains for an user by using LDAP based RBM

[skadakath]

Hi,
I am trying to setup the domains and users for the Datapower device X150. We are using LDAP based RBM and xmlfile as the authentication. I tried  the following and it did not work:

<aaa:MapCredentials>   <aaa:InputCredential>uid=user1,ou=DP,DC=DP,DC=ORG</aaa:InputCredential>
   <aaa:OutputCredential>developers</aaa:OutputCredential>
</aaa:MapCredentials>


<aaa:MapCredentials>
   <aaa:InputCredential>dpdevelopers</aaa:InputCredential>
   <aaa:OutputCredential>*/Dev1/*?Access=r+w+a+d+x </aaa:OutputCredential>
   <aaa:OutputCredential>*/Dev2/*?Access=r+w+a+d+x </aaa:OutputCredential>
</aaa:MapCredentials>

I also tried the following and it did not work

<aaa:MapCredentials>   <aaa:InputCredential>uid=user1,ou=DP,DC=DP,DC=ORG</aaa:InputCredential>
   <aaa:OutputCredential>dpdevelopers1</aaa:OutputCredential>
</aaa:MapCredentials>
<aaa:MapCredentials>   <aaa:InputCredential>uid=user1,ou=DP,DC=DP,DC=ORG</aaa:InputCredential>
   <aaa:OutputCredential>dpdevelopers2</aaa:OutputCredential>
</aaa:MapCredentials>

<aaa:MapCredentials>
   <aaa:InputCredential>dpdevelopers1</aaa:InputCredential>
   <aaa:OutputCredential>*/Dev1/*?Access=r+w+a+d+x </aaa:OutputCredential>   
</aaa:MapCredentials>

<aaa:MapCredentials>
   <aaa:InputCredential>dpdevelopers2</aaa:InputCredential>
   <aaa:OutputCredential>*/Dev2/*?Access=r+w+a+d+x </aaa:OutputCredential>   
</aaa:MapCredentials>

 We need to have same developer accessing multiple domains. How do I do that?
Any help greatly appreciated...

Thanks in advance,
Suresh

[LordB]

To have multiple access rules you separate them by newlines... its non standard xml... so  it would look like this...

   <aaa:InputCredential>dpdevelopers</aaa:InputCredential>
   <aaa:OutputCredential>*/Dev1/*?Access=r+w+a+d+x
   */Dev2/*?Access=r+w+a+d+x </aaa:OutputCredential>


If you use the RBM editor on datapower it will do this for you...

[skadakath]

Thanks. It worked.

[efern]

I tried the RBM Policy and it fails for me.

This is what i see in the log

 AZ: Input [&lt;?xml version="1.0" encoding="UTF-8"?> &lt;mapped-credentials type="stylesheet" au-success="false" url="webgui:///map/map-mc-local.xsl"/>&lt;mapped-resource type="stylesheet" url="webgui:///map/map-mr-request.xsl">&lt;operation type="get-samlart" xmlns:dp="http://www.datapower.com/schemas/management" xmlns:env="http://www.w3.org/2003/05/soap-envelope">&lt;domain>default&lt;/domain>&lt;user>errofer&lt;/user>&lt;password>xxxxxx&lt;/password>&lt;spnego/>&lt;cert>*No certificate provided*&lt;/cert>&lt;dn/>&lt;client>53.67.67.105&lt;/client>&lt;type>login/web-mgmt&lt;/type>&lt;/operation>&lt;/mapped-resource>&lt;au-ancillary-info/>&lt;az-ancillary-info/>]

12:42:01   rbm   info        47218   >        0x80000001   rbm (RBM-Settings): MR: Input [&lt;?xml version="1.0" encoding="UTF-8"?> &lt;resource>&lt;item type="xpath">&lt;operation type="get-samlart" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:dp="http://www.datapower.com/schemas/management">&lt;domain>default&lt;/domain>&lt;user>errofer&lt;/user>&lt;password>xxxxxx&lt;/password>&lt;spnego/>&lt;cert>*No certificate provided*&lt;/cert>&lt;dn/>&lt;client>53.67.67.105&lt;/client>&lt;type>login/web-mgmt&lt;/type>&lt;/operation>&lt;/item>&lt;/resource>]

12:42:01   rbm   info        47218   >        0x80000001   rbm (RBM-Settings): MC: Input [&lt;?xml version="1.0" encoding="UTF-8"?> &lt;credentials>&lt;entry type="custom" url="webgui:///map/map-au-local.xsl"/>&lt;/credentials>]


Any ideas, I need help please