incubator-jspwiki-user mailing list archives

From David Gao <david...@gmail.com>
Subject Re: LDAP groups
Date Thu, 06 Mar 2008 01:24:25 GMT
Andrew, Thank you.

I will add documentation about LDAP authentication via web container 
on jspwiki.org. 

I only enabled JNDIRealm in my Tomcat server.xml. Not sure about other 
issues if other realm(s) is/are enabled.


-------- Original Message --------
> David - your simple example works much better than my long-winded 
> explanation might have. :) Nice one.
>
> Ryan - the important point here is that you can add container roles to 
> your security policy file using the syntax in David's example. You can 
> use container roles in wiki page ACLs, too. To make this work, you 
> need to make sure you have a "role" element in your web.xml for each 
> LDAP group you are referencing.
>
> Andrew
>
> On Mar 5, 2008, at 16:59, David Gao <davidgjm@gmail.com> wrote:
>
>> Hi,
>>
>> I'm using LDAP (web container authentication) for JSPWiki in my 
>> environment.
>> I can successfully map LDAP groups (UniqueMember) to JSPWiki roles. The
>> following is a security policy for this:
>>
>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
>>    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
>> };
>>
>> where "tomcat-admin" is an LDAP group.
>>
>> I would be happy to share more information about this if you need it.
>>
>> 2008/3/6, Milton Taylor <mctozzy@gmail.com>:
>>>
>>> At the very least you have to have an LDAP group named
>>> "Authenticated"...this seems to be a hard-wired expectation of jspwiki.
>>>
>>> We need to be careful about terminology here, because jspwiki "groups"
>>> and "roles" aren't the same thing.  Here we're really talking about the
>>> jspwiki roles, because they're the things that underlie security in
>>> jspwiki. I'm not sure you can map the standard jspwiki role names to
>>> (different) LDAP group names. Yes it is possible I think to change the
>>> default role names as used in the security policy file (and in web.xml
>>> to match), with the exception of the Authenticated role above.
>>>
>>> Andrew J is the expert on this, hopefully he will chime in.
>>>
>>>
>>>
>>> Ryan L Brissette wrote:
>>>> Is it possible to connect JSPWiki groups to my existing LDAP groups?  I
>>>> have already enabled LDAP authentication.
>>>>
>>>> Thank you,
>>>> Ryan Brissette
>>>>
>>>>
>>>
>


-- 
David Gao (davidgjm@gmail.com)
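
Andrew's point in the thread, that every LDAP group named in the security policy file also needs a role declaration in web.xml, can be checked mechanically. The following is an added example, not part of the original thread or of JSPWiki: it assumes the declaration is the servlet-spec `<security-role>`/`<role-name>` element, and the function names, the `wiki-editors` group and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches the principal clause of: grant principal <package>.Role "name" {
ROLE_GRANT = re.compile(r'principal\s+[\w.]+\.Role\s+"([^"]+)"')

def policy_roles(policy_text):
    """Role names that receive permissions in a JSPWiki security policy."""
    # Skip whole-line // comments so commented-out grants are not counted.
    live = [ln for ln in policy_text.splitlines()
            if not ln.lstrip().startswith("//")]
    return set(ROLE_GRANT.findall("\n".join(live)))

def declared_roles(web_xml_text):
    """Role names declared in <security-role> elements of web.xml."""
    local = lambda tag: tag.rsplit("}", 1)[-1]   # drop any XML namespace
    roles = set()
    for elem in ET.fromstring(web_xml_text).iter():
        if local(elem.tag) != "security-role":
            continue
        for child in elem:
            if local(child.tag) == "role-name" and child.text:
                roles.add(child.text.strip())
    return roles

def undeclared_roles(policy_text, web_xml_text, ignore=()):
    """Policy roles with no matching web.xml declaration, sorted."""
    missing = policy_roles(policy_text) - declared_roles(web_xml_text)
    return sorted(missing - set(ignore))

# Constructed sample input; only the "tomcat-admin" grant is from the thread.
SAMPLE_POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
// grant principal com.ecyrd.jspwiki.auth.authorize.Role "old-group" { };
grant principal com.ecyrd.jspwiki.auth.authorize.Role "wiki-editors" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
};
'''
SAMPLE_WEB_XML = '''<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-role>
    <role-name>tomcat-admin</role-name>
  </security-role>
</web-app>'''

if __name__ == "__main__":
    for role in undeclared_roles(SAMPLE_POLICY, SAMPLE_WEB_XML):
        print("granted in policy but not declared in web.xml:", role)
```

Running the same comparison in reverse (declared but never granted) is a useful review step when a group such as "tomcat-admin" carries AllPermission, since it shows exactly which directory groups the policy trusts.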

