incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <andrew.r.jaqu...@gmail.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Fri, 27 Mar 2009 12:27:56 GMT
Wyllys--

I'd forgotten about that particular post. Glad you got benefit from  
it. I should probably add it to the official docs. :)

Are you using a custom Authorizer by any chance? I fixed a recent bug  
in 2.8.1 that prevented custom roles from being added. Sounds a little  
like your issue, actually. Could you try the 2.8.2 nightly build and  
see if it helps?

If not, we can explore the container authentication config options.

Andrew

On Mar 26, 2009, at 12:29, Wyllys Ingersoll <wyllys.ingersoll@sun.com>  
wrote:

> Andrew Jaquith wrote:
>> Wyllys:
>> I think you have been misinformed. JSPWiki does indeed assign any  
>> user that has been authenticated to a built-in role, called  
>> "Authenticated".
>
> That's what I thought, but despite the settings in my policy file and
> in web.xml, JSPWiki is not letting my "Authenticated" role do anything
> (edit, attach, delete, etc).
>
>> While I haven't verified your issue yet, the problem is likely in  
>> the JSPWiki scriptlet code, and has nothing to do with your LDAP  
>> integration. Could you try reproducing the issue with a MemoryRealm  
>> or another type of container site authenticator? That would narrow  
>> the scope if the problem to the code that handles the redirects.
>
> What do I need to change in my config to do that?
>
>
>> I'll try reproducing your issue in the meantime.
>> Andrew
>
>
> Thanks - I just read over your excellent description of roles and  
> groups
> here: http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01191.html
> which makes the distinction very clear.
>
> My problem seems to be related to the groups and/or roles that the  
> users are assigned
> to once they log in.
>
> I am using container authentication through the Sun Webserver 7  
> product and
> authenticating to my corporate LDAP server, which does not have any  
> "Group"
> entries. None of the CN's associated with my own entry have a  
> "Group" identifier.
>
> I know there is a critical bit of configuration that I am missing to  
> get JSPWiki
> to be able to interpret my group or role once the authentication  
> completes,
> but I'm just not well versed enough with LDAP or JAAS to know how to  
> fix it.
>
> The examples and emails that I have seen online all reference  
> configuring it
> through Tomcat, but those examples don't really apply in my  
> situation because
> the config for Webserver7 is a bit different.  There is a server.xml  
> that I can tinker with if necessary though.
> I'm open to suggestions :)
>
> -Wyllys
>
>

Mime
View raw message