incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan L Brissette <rlbri...@us.ibm.com>
Subject Re: LDAP groups
Date Fri, 07 Mar 2008 19:17:11 GMT

Thanks to everyone who answered my email.  I got the answers I needed.

Thank you,
Ryan Brissette



                                                                                         
                                                           
  From:       Andrew Jaquith <andrew.jaquith@mac.com>                              
                                                                 
                                                                                         
                                                           
  To:         "jspwiki-user@incubator.apache.org" <jspwiki-user@incubator.apache.org>
                                                               
                                                                                         
                                                           
  Cc:         "jspwiki-user@incubator.apache.org" <jspwiki-user@incubator.apache.org>
                                                               
                                                                                         
                                                           
  Date:       03/05/2008 08:14 PM                                                        
                                                           
                                                                                         
                                                           
  Subject:    Re: LDAP groups                                                            
                                                           
                                                                                         
                                                           





David - your simple example works much better than my long-winded
explanation might have. :) Nice one.

Ryan - the important point here is that you can add container roles to
your security policy file using the syntax in David's example. You can
use container roles in wiki page ACLs, too. To make this work, you
need to make sure you have a "role" element in your web.xml for each
LDAP group you are referencing.

Andrew

On Mar 5, 2008, at 16:59, David Gao <davidgjm@gmail.com> wrote:

> Hi,
>
> I'm using LDAP (Web container authentication )for JSPWiki in my
> environment.
> I can successfully map LDAP groups (UniqueMember) to JSPWiki roles.
> The
> following is a security policy for this:
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
>    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> where "tomcat-admin" is a LDAP group.
>
> I would be happy to share more information about this if you just
> need.
>
> 2008/3/6, Milton Taylor <mctozzy@gmail.com>:
>>
>> At the very least you have to have an LDAP group named
>> "Authenticated"...this seems to be a hard-wired expectation of
>> jspwiki.
>>
>> We need to be careful about terminology here, because jspwiki
>> "groups"
>> and "roles" aren't the same thing.  Here we're really talking about
>> the
>> jspwiki roles, because they're the things that underly security in
>> jspwiki. I'm not sure you can map the standard jspwiki role names to
>> (different) LDAP group names. Yes it is possible I think to change
>> the
>> default role names as used in the security policy file (and in
>> web.xml
>> to match), with the exception of the Authenticated role above.
>>
>> Andrew J is the expert on this, hopefully he will chime in.
>>
>>
>>
>> Ryan L Brissette wrote:
>>> Is it possible to connect JSPWiki groups to my existing LDAP
>>> groups?  I
>>> have already enabled LDAP authentication.
>>>
>>> Thank you,
>>> Ryan Brissette
>>>
>>>
>>

Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message