incubator-jspwiki-user mailing list archives

From Wyllys Ingersoll <wyllys.ingers...@sun.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Thu, 26 Mar 2009 13:31:34 GMT

My LDAP Record does have a field that identifies groups within the company,
"departmentnumber".

I guess I need to figure out how to set up my server.xml to turn those
values into Roles that JSPWiki can recognize.

My big issue with this whole thing is that JSPWiki seems to assume that you
must have this group/role mapping stuff.  It already knows that my users
are authenticated, why isn't that good enough or why can it not 
automatically map those authenticated users to the "Authenticated" role?

-Wyllys




TruptiP wrote:
> Hi wyllys,
> 
> There may be different names given to groups in your LDAP. Every
> organization may set a different name for a role.
> 
> e.g. the company name is IBM,
> 
> then there may be roles
> 
> IBMGroups = IBMALL
> IBMGroups = IBMDevelopment
> IBMGroups = IBMSupport
> IBMGroups = IBMResearch
> 
> Now here, every employee may be a member of one or many groups.
> IBMALL contains all employees. So an employee is a member of IBMALL and also
> a member of the group according to department.
> 
> So while retrieving the role, you need to use IBMGroups, and while giving rights
> in web.xml of JSPWiki you need to use IBMALL or IBMDevelopment etc.
> 
> Now, find out which role attribute you are going to use (e.g. memberOf or
> objectClass).
> I hope this will help you
> 
> Regards,
> Trupti Patil
> 
> 
> Wyllys Ingersoll wrote:
>>
>> I'm not clear on the issue of roles and groups when authenticating to
>> LDAP.
>>
>> My LDAP server does not return that data for any users. I can query the
>> full LDAP record for myself and there are no "role" or "group" values of
>> any kind.
>>
>> How do I force either the container or the application to map any
>> authenticated user to a "group" that JSPWiki will recognize?
>>
>> -Wyllys
>>
>>
>> TruptiP wrote:
>>> Hi Wyllys,
>>>
>>> I forgot to mention a part from the web.xml of JSPWiki.
>>>
>>> You have to use the RoleName (which you extract from LDAP authentication; in
>>> my previous mail I gave an example of groups (abc, pqr)).
>>> Now we consider abc as a group with admin rights. So in the web.xml of
>>> JSPWiki,
>>>   <security-constraint>
>>>     <web-resource-collection>
>>>       <web-resource-name>Administrative Area</web-resource-name>
>>>       <url-pattern>/Delete.jsp</url-pattern>
>>>     </web-resource-collection>
>>>
>>>     <auth-constraint>
>>>       <role-name>abc</role-name>
>>>     </auth-constraint>
>>>
>>>     <!-- <user-data-constraint>
>>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>     </user-data-constraint> -->
>>>   </security-constraint>
>>>
>>> We consider the pqr group as authenticated, then
>>>   <security-constraint>
>>>     <web-resource-collection>
>>>       <web-resource-name>Authenticated area</web-resource-name>
>>>       <url-pattern>/Edit.jsp</url-pattern>
>>>       <url-pattern>/Comment.jsp</url-pattern>
>>>       <url-pattern>/Login.jsp</url-pattern>
>>>       <url-pattern>/NewGroup.jsp</url-pattern>
>>>       <url-pattern>/Rename.jsp</url-pattern>
>>>       <url-pattern>/Upload.jsp</url-pattern>
>>>       <http-method>DELETE</http-method>
>>>       <http-method>GET</http-method>
>>>       <http-method>HEAD</http-method>
>>>       <http-method>POST</http-method>
>>>       <http-method>PUT</http-method>
>>>     </web-resource-collection>
>>>
>>>     <web-resource-collection>
>>>       <web-resource-name>Read-only Area</web-resource-name>
>>>       <url-pattern>/attach</url-pattern>
>>>       <http-method>DELETE</http-method>
>>>       <http-method>POST</http-method>
>>>       <http-method>PUT</http-method>
>>>     </web-resource-collection>
>>>
>>>     <auth-constraint>
>>>       <role-name>pqr</role-name>
>>>     </auth-constraint>
>>>
>>>     <!-- <user-data-constraint>
>>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>     </user-data-constraint> -->
>>>   </security-constraint>
>>>
>>>
>>> If you do not take care of extracting the RoleName from LDAP and using it
>>> properly in web.xml, then you will get that error.
>>>
>>> Don't use Admin and Authenticated roles which are given by JSPwiki in
>>> web.xml.
>>>
>>> Question - If you don't know the connection name and password, then how have
>>> you implemented LDAP authentication currently? If you are able to do LDAP
>>> authentication, then just try to retrieve the UserRoleName. It will solve your
>>> problem.
>>>
>>> Regards,
>>> Trupti
>>>
>>>
>>
>>
> 
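An added example of the server.xml setup Wyllys says he still needs to figure out, for the case the thread describes: the user's own LDAP entry carries the group value (here "departmentnumber") rather than a separate group entry. This is not configuration from the thread, from JSPWiki or from Tomcat's distribution; it assumes Tomcat's JNDIRealm (server.xml being Tomcat's file), and the LDAP host, base DN, the department value "4200" and the role name "wiki-users" are placeholders to replace with your own. JNDIRealm's userRoleName attribute turns every value of the named attribute on the authenticated user's entry into a container role, and its commonRole attribute assigns one fixed role to every user who authenticates, which is the "just map every authenticated user" behaviour asked for above.

```xml
<!-- conf/server.xml (Tomcat): place inside the <Engine> or <Host> element.
     Placeholders: ldap.example.internal, dc=example,dc=com, wiki-users.
     userPattern binds to the directory AS THE USER, so no connectionName /
     connectionPassword (a service account) is needed; ldaps:// keeps the
     bind credentials off the wire in cleartext. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.internal:636"
       userPattern="uid={0},ou=people,dc=example,dc=com"
       userRoleName="departmentnumber"
       commonRole="wiki-users" />

<!-- WEB-INF/web.xml (JSPWiki): the container compares role names as exact
     strings, so "4200" must match the attribute value byte for byte.
     "4200" is a placeholder department number. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Edit.jsp</url-pattern>
    <url-pattern>/Upload.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- either every authenticated user ... -->
    <role-name>wiki-users</role-name>
    <!-- ... or only one department -->
    <role-name>4200</role-name>
  </auth-constraint>
  <!-- left enabled here, unlike the commented-out block in the quoted
       web.xml: without it the login form and session cookie travel over
       plain HTTP -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- every role named in an auth-constraint must also be declared here,
     otherwise the container never reports it for the request -->
<security-role>
  <role-name>wiki-users</role-name>
</security-role>
<security-role>
  <role-name>4200</role-name>
</security-role>
```

To check the mapping without touching JSPWiki, protect a single throwaway JSP with the same constraint and call request.isUserInRole("4200") from it after logging in; if that returns false while the LDAP entry clearly has the value, the mismatch is in the role-name string or in the attribute name given to userRoleName, not in JSPWiki.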

