incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <andrew.jaqu...@mac.com>
Subject Re: LDAP groups
Date Thu, 06 Mar 2008 01:13:21 GMT
David - your simple example works much better than my long-winded  
explanation might have. :) Nice one.

Ryan - the important point here is that you can add container roles to  
your security policy file using the syntax in David's example. You can  
use container roles in wiki page ACLs, too. To make this work, you  
need to make sure you have a "role" element in your web.xml for each  
LDAP group you are referencing.

Andrew

On Mar 5, 2008, at 16:59, David Gao <davidgjm@gmail.com> wrote:

> Hi,
>
> I'm using LDAP (Web container authentication )for JSPWiki in my  
> environment.
> I can successfully map LDAP groups (UniqueMember) to JSPWiki roles.  
> The
> following is a security policy for this:
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
>    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> where "tomcat-admin" is a LDAP group.
>
> I would be happy to share more information about this if you just  
> need.
>
> 2008/3/6, Milton Taylor <mctozzy@gmail.com>:
>>
>> At the very least you have to have an LDAP group named
>> "Authenticated"...this seems to be a hard-wired expectation of  
>> jspwiki.
>>
>> We need to be careful about terminology here, because jspwiki  
>> "groups"
>> and "roles" aren't the same thing.  Here we're really talking about  
>> the
>> jspwiki roles, because they're the things that underly security in
>> jspwiki. I'm not sure you can map the standard jspwiki role names to
>> (different) LDAP group names. Yes it is possible I think to change  
>> the
>> default role names as used in the security policy file (and in  
>> web.xml
>> to match), with the exception of the Authenticated role above.
>>
>> Andrew J is the expert on this, hopefully he will chime in.
>>
>>
>>
>> Ryan L Brissette wrote:
>>> Is it possible to connect JSPWiki groups to my existing LDAP  
>>> groups?  I
>>> have already enabled LDAP authentication.
>>>
>>> Thank you,
>>> Ryan Brissette
>>>
>>>
>>

Mime
View raw message