incubator-jspwiki-user mailing list archives

From TruptiP <trupti....@gmail.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Wed, 25 Mar 2009 13:36:56 GMT

Hi Wyllys,

I forgot to mention the part from the web.xml of JSPWiki.

You have to use the RoleName (which you extract from LDAP authentication; in my
previous mail I gave an example of groups (abc, pqr)).
Now we consider abc as a group with admin rights. So in the web.xml of JSPWiki:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Administrative Area</web-resource-name>
        <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>abc</role-name>
    </auth-constraint>

    <!-- <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint> -->
</security-constraint>

We consider the pqr group as authenticated, then:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Authenticated area</web-resource-name>
        <url-pattern>/Edit.jsp</url-pattern>
        <url-pattern>/Comment.jsp</url-pattern>
        <url-pattern>/Login.jsp</url-pattern>
        <url-pattern>/NewGroup.jsp</url-pattern>
        <url-pattern>/Rename.jsp</url-pattern>
        <url-pattern>/Upload.jsp</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>HEAD</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>

    <web-resource-collection>
        <web-resource-name>Read-only Area</web-resource-name>
        <url-pattern>/attach</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>pqr</role-name>
    </auth-constraint>

    <!-- <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint> -->
</security-constraint>


If you do not take care of extracting the RoleName from LDAP and using it
properly in web.xml, then you will get that error.

Don't use the Admin and Authenticated roles which are given by JSPWiki in
web.xml.

Question - If you don't know the connection name and password, then how have
you implemented LDAP authentication currently? If you are able to do LDAP
authentication then just try to retrieve UserRoleName. It will solve your
problem.

Regards,
Trupti




Wyllys Ingersoll wrote:
> 
> 
> Trupti, David, Jim, et al -
>    Thanks for the suggestions.  I don't think that my problem is related
> to the actual LDAP authentication (though the issue with group mapping may
> be important, I am going to investigate that).  My users are able to
> authenticate correctly to the LDAP server,  I can verify this by entering
> an incorrect password and noting that it definitely fails as expected.
> 
> The problem seems to be in how JSPWiki recognizes the user after the
> container LDAP auth succeeds.
> 
>    Also, I am running the Sun Webserver 7 product, not Apache/Tomcat in
> this case, so my server.xml is a little different.  There are no
> "UserDatabase" entries in the server.xml.  I can probably add a
> "Realm className= ..." entry as you suggest below, but I would not know
> what to put in for the connectionName and password, I certainly cannot and
> will not put my own name/password in there.  Maybe I don't need one?  I
> will try some things and see if I can make it work.  Perhaps there are
> some settings in the webserver configuration that I need to modify, I will
> investigate.
> 
>    I still suspect a bug in JSPWiki since I know that my users are
> authenticated, but the Login.jsp logic seems to want to reject my users
> once they are already authenticated - it does not allow the ?redirect=Main
> to work.
> 
> Thanks,
>   Wyllys
> 
> 
> 
> TruptiP wrote:
>> Hi Wyllys,
>> 
>> The same problem I faced when I tried for LDAP authentication.
>> 
>> The role name you mentioned in server.xml of Tomcat must match with role
>> name you specified in web.xml of Jspwiki.
>> 
>> How you are extracting ROLE Name from LDAP 
>> 
>>  <Realm className="org.apache.catalina.realm.JNDIRealm"
>> 		connectionURL="ldap://URL:389"
>> 		connectionName="uid=admin,ou=Directory Administrators,dc=domain,dc=com"
>> 		connectionPassword="admin"
>> 		userBase="ou=Root,dc=domain,dc=com"
>> 		userSubtree="true"
>> 		userSearch="(uid={0})"
>> 		userRoleName="groups"
>> /> 
>> 
>> Choosing userRoleName  is very important.
>> 
>> e.g. User is member of 2 groups 
>> groups= abc
>> groups=pqr
>> 
>> You can either use abc or pqr in web.xml of Jspwiki for authenticated
>> area and admin area.
>> There may be many groups or one common group which include all members. 
>> 
>> Just try this out and let us know result.
>> 
>> Regards,
>> Trupti Patil
> 
>> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/LDAP-Login-problems-tp22636511p22701895.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
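
An added example, not part of the original post or of JSPWiki: a small Python check for the mismatch discussed in this thread, comparing the role-name values in a web.xml with the group values the realm returns through userRoleName. The sample web.xml and the group set {abc, pqr} are constructed from the post's example, and texts and audit_constraints are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down web.xml. The first constraint uses the post's
# LDAP group "abc"; the second still names JSPWiki's built-in "Authenticated".
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>abc</role-name></auth-constraint>
    <!-- <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint> -->
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Authenticated</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def texts(node, name):
    """Text of every descendant called `name`, ignoring the XML namespace."""
    return [e.text.strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text]

def audit_constraints(web_xml, ldap_groups):
    """Report role-names no LDAP group supplies, and whether TLS is enforced."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        findings.append({
            "area": texts(sc, "web-resource-name"),
            "urls": texts(sc, "url-pattern"),
            "unmatched_roles": sorted(set(texts(sc, "role-name")) - set(ldap_groups)),
            # Comments are dropped by the parser: a commented-out constraint is absent.
            "confidential": "CONFIDENTIAL" in texts(sc, "transport-guarantee"),
        })
    return findings

if __name__ == "__main__":
    print(*audit_constraints(SAMPLE_WEB_XML, {"abc", "pqr"}), sep="\n")
```

A non-empty unmatched_roles list marks a constraint that no LDAP group can satisfy, and confidential is False wherever the user-data-constraint is commented out, as it is in the snippets above.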

