incubator-jspwiki-user mailing list archives

From TruptiP <trupti....@gmail.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Thu, 26 Mar 2009 06:12:15 GMT

Hi wyllys,

There may be different names given to groups in your LDAP. Every
organization may give a different name to the role.

e.g. company name is = IBM

then there may be roles

IBMGroups = IBMALL
IBMGroups = IBMDevelopment
IBMGroups = IBMSupport
IBMGroups = IBMResearch

Now here, every employee may be a member of 1 or many groups.
IBMALL contains all employees. So an employee is a member of IBMALL and also
a member of a group according to department.

So while retrieving the role, you need to use IBMGroups, and while giving rights
in web.xml of JSPWiki you need to use IBMALL or IBMDevelopment etc.

Now, find out which role you are going to use (e.g. memberOf or
ObjectClass).
I hope this will help you.

Regards,
Trupti Patil


Wyllys Ingersoll wrote:
> 
> 
> I'm not clear on the issue of roles and groups when authenticating to
> LDAP.
> 
> My LDAP server does not return that data for any users. I can query the
> full LDAP record for myself and there are no "role" or "group" values of
> any kind.
> 
> How do I force either the container or the application to map any
> authenticated user to a "group" that JSPWiki will recognize?
> 
> -Wyllys
> 
> 
> TruptiP wrote:
>> Hi Wyllys,
>> 
>> I forgot to mention part from web.xml of JSPWIKI.
>> 
>> You have to use RoleName (which you extract from LDAP authentication; in
>> my previous mail I have given an example of groups (abc, pqr)).
>> Now we consider abc as a group with admin rights. So in web.xml of
>> JSPWiki,
>> <security-constraint>
>>     <web-resource-collection>
>>         <web-resource-name>Administrative Area</web-resource-name>
>>         <url-pattern>/Delete.jsp</url-pattern>
>>     </web-resource-collection>
>>
>>     <auth-constraint>
>>         <role-name>abc</role-name>
>>     </auth-constraint>
>>
>>     <!-- <user-data-constraint>
>>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint> -->
>> </security-constraint>
>> 
>> We consider pqr group as authenticated then
>> <security-constraint>
>>     <web-resource-collection>
>>         <web-resource-name>Authenticated area</web-resource-name>
>>         <url-pattern>/Edit.jsp</url-pattern>
>>         <url-pattern>/Comment.jsp</url-pattern>
>>         <url-pattern>/Login.jsp</url-pattern>
>>         <url-pattern>/NewGroup.jsp</url-pattern>
>>         <url-pattern>/Rename.jsp</url-pattern>
>>         <url-pattern>/Upload.jsp</url-pattern>
>>         <http-method>DELETE</http-method>
>>         <http-method>GET</http-method>
>>         <http-method>HEAD</http-method>
>>         <http-method>POST</http-method>
>>         <http-method>PUT</http-method>
>>     </web-resource-collection>
>>
>>     <web-resource-collection>
>>         <web-resource-name>Read-only Area</web-resource-name>
>>         <url-pattern>/attach</url-pattern>
>>         <http-method>DELETE</http-method>
>>         <http-method>POST</http-method>
>>         <http-method>PUT</http-method>
>>     </web-resource-collection>
>>
>>     <auth-constraint>
>>         <role-name>pqr</role-name>
>>     </auth-constraint>
>>
>>     <!-- <user-data-constraint>
>>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint> -->
>> </security-constraint>
>> 
>> 
>> If you do not take care of extracting RoleName from LDAP and using it
>> properly in web.xml, then you will get that error.
>> 
>> Don't use Admin and Authenticated roles which are given by JSPwiki in
>> web.xml.
>> 
>> Question - If you don't know the connection name and password, then how
>> have you implemented LDAP authentication currently? If you are able to do
>> LDAP authentication then just try to retrieve UserRoleName. It will solve
>> your problem.
>> 
>> Regards,
>> Trupti
>> 
>> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/LDAP-Login-problems-tp22636511p22716460.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
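
A check for the mismatch discussed in this thread, added here as an example and not code from the thread or from JSPWiki: it lists each role-name under a web.xml auth-constraint and compares it with the group names found in one user's memberOf values. The web.xml fragment, the memberOf DNs and the function names are constructed for illustration; it assumes the role name is the group's CN, that role names are compared case-sensitively, and that DNs contain no escaped commas.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment modelled on the constraints quoted in the thread.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Administrative Area</web-resource-name>
   <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>IBMSupport</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Authenticated area</web-resource-name>
   <url-pattern>/Edit.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>IBMDEvelopment</role-name></auth-constraint>
 </security-constraint>
</web-app>"""

# Constructed memberOf values, as a directory might return them for one user.
MEMBER_OF = ["CN=IBMALL,OU=IBMGroups,DC=example,DC=com",
             "CN=IBMDevelopment,OU=IBMGroups,DC=example,DC=com"]

def group_names(member_of):
    """Reduce each group DN to the value of its first RDN (the CN)."""
    return {dn.split(",", 1)[0].split("=", 1)[1].strip() for dn in member_of}

def check_constraints(web_xml, member_of):
    """Return (area, role, verdict) per role-name; {*} matches any or no xmlns."""
    groups = group_names(member_of)
    by_lower = {g.lower(): g for g in groups}
    findings = []
    for sc in ET.fromstring(web_xml).findall(".//{*}security-constraint"):
        area = sc.findtext("{*}web-resource-collection/{*}web-resource-name", "?").strip()
        for rn in sc.findall("{*}auth-constraint/{*}role-name"):
            role = (rn.text or "").strip()
            if role in groups:
                verdict = "ok"
            elif role.lower() in by_lower:
                verdict = "case mismatch with " + by_lower[role.lower()]
            else:
                verdict = "not held by this user"
            findings.append((area, role, verdict))
    return findings

if __name__ == "__main__":
    print(*check_constraints(WEB_XML, MEMBER_OF), sep="\n")
```

A user whose directory entry carries no group attribute at all yields an empty set, so every constraint is reported as not held, which is the situation Wyllys describes.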

