incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wyllys Ingersoll <wyllys.ingers...@sun.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Thu, 26 Mar 2009 16:29:51 GMT
Andrew Jaquith wrote:
> Wyllys:
> 
> I think you have been misinformed. JSPWiki does indeed assign any user 
> that has been authenticated to a built-in role, called "Authenticated".

That's what I thought, but despite the settings in my policy file and
in web.xml, JSPWiki is not letting my "Authenticated" role do anything
(edit, attach, delete, etc).

> 
> While I haven't verified your issue yet, the problem is likely in the 
> JSPWiki scriptlet code, and has nothing to do with your LDAP 
> integration. Could you try reproducing the issue with a MemoryRealm or 
> another type of container site authenticator? That would narrow the 
> scope if the problem to the code that handles the redirects.

What do I need to change in my config to do that?


> 
> I'll try reproducing your issue in the meantime.
> 
> Andrew
> 


Thanks - I just read over your excellent description of roles and groups
here: http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01191.html
which makes the distinction very clear.

My problem seems to be related to the groups and/or roles that the users are assigned
to once they log in.

I am using container authentication through the Sun Webserver 7 product and
authenticating to my corporate LDAP server, which does not have any "Group"
entries. None of the CN's associated with my own entry have a "Group" identifier.

I know there is a critical bit of configuration that I am missing to get JSPWiki
to be able to interpret my group or role once the authentication completes,
but I'm just not well versed enough with LDAP or JAAS to know how to fix it.

The examples and emails that I have seen online all reference configuring it
through Tomcat, but those examples don't really apply in my situation because
the config for Webserver7 is a bit different.  There is a server.xml that I 
can tinker with if necessary though. 

I'm open to suggestions :)

-Wyllys



Mime
View raw message