incubator-jspwiki-user mailing list archives

From Jim Willeke <...@willeke.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Thu, 26 Mar 2009 15:43:30 GMT
Wyllys -
Which LDAP server?

-jim
Jim Willeke


On Thu, Mar 26, 2009 at 9:31 AM, Wyllys Ingersoll <wyllys.ingersoll@sun.com> wrote:

>
> My LDAP Record does have a field that identifies groups within the company,
> "departmentnumber".
>
> I guess I need to figure out how to set up my server.xml to turn those
> values into Roles that JSPWiki can recognize.
>
> My big issue with this whole thing is that JSPWiki seems to assume that you
> must have this group/role mapping stuff.  It already knows that my users
> are authenticated, why isn't that good enough or why can it not
> automatically map those authenticated users to the "Authenticated" role?
>
> -Wyllys
>
>
>
>
>
> TruptiP wrote:
>
>> Hi wyllys,
>>
>> There may be different names given to groups in your LDAP. In every
>> organization they may set a different name for the role.
>>
>> e.g. company name is = IBM
>>
>> then there may be role
>>
>> IBMGroups = IBMALL
>> IBMGroups = IBMDevelopment
>> IBMGroups = IBMSupport
>> IBMGroups = IBMResearch
>>
>> Now here, every employee may be member of 1 or many groups.
>> IBMALL contains all employees. So an employee is a member of IBMALL and also
>> a member of the group for their department.
>>
>> So while retrieving the role, you need to use IBMGroups, and while giving rights
>> in web.xml of JSPWiki you need to use IBMALL or IBMDevelopment etc.
>>
>> Now, find out which Role you are going to use (e.g. memberOf or
>> ObjectClass).
>> I hope this will help you
>>
>> Regards,
>> Trupti Patil
>>
>>
>> Wyllys Ingersoll wrote:
>>
>>>
>>> I'm not clear on the issue of roles and groups when authenticating to
>>> LDAP.
>>>
>>> My LDAP server does not return that data for any users. I can query the
>>> full LDAP record for myself and there are no "role" or "group" values of
>>> any kind.
>>>
>>> How do I force either the container or the application to map any
>>> authenticated user to a "group" that JSPWiki will recognize?
>>>
>>> -Wyllys
>>>
>>>
>>> TruptiP wrote:
>>>
>>>> Hi Wyllys,
>>>>
>>>> I forgot to mention a part of web.xml of JSPWiki.
>>>>
>>>> You have to use the RoleName (which you extract from LDAP authentication; in
>>>> my previous mail I have given the example of groups (abc, pqr)).
>>>> Now we consider abc as a group with admin rights. So in web.xml of
>>>> JSPWiki:
>>>>
>>>>   <security-constraint>
>>>>       <web-resource-collection>
>>>>           <web-resource-name>Administrative Area</web-resource-name>
>>>>           <url-pattern>/Delete.jsp</url-pattern>
>>>>       </web-resource-collection>
>>>>       <auth-constraint>
>>>>           <role-name>abc</role-name>
>>>>       </auth-constraint>
>>>>       <!-- <user-data-constraint>
>>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>       </user-data-constraint> -->
>>>>   </security-constraint>
>>>>
>>>> We consider the pqr group as authenticated, then:
>>>>
>>>>   <security-constraint>
>>>>       <web-resource-collection>
>>>>           <web-resource-name>Authenticated area</web-resource-name>
>>>>           <url-pattern>/Edit.jsp</url-pattern>
>>>>           <url-pattern>/Comment.jsp</url-pattern>
>>>>           <url-pattern>/Login.jsp</url-pattern>
>>>>           <url-pattern>/NewGroup.jsp</url-pattern>
>>>>           <url-pattern>/Rename.jsp</url-pattern>
>>>>           <url-pattern>/Upload.jsp</url-pattern>
>>>>           <http-method>DELETE</http-method>
>>>>           <http-method>GET</http-method>
>>>>           <http-method>HEAD</http-method>
>>>>           <http-method>POST</http-method>
>>>>           <http-method>PUT</http-method>
>>>>       </web-resource-collection>
>>>>
>>>>       <web-resource-collection>
>>>>           <web-resource-name>Read-only Area</web-resource-name>
>>>>           <url-pattern>/attach</url-pattern>
>>>>           <http-method>DELETE</http-method>
>>>>           <http-method>POST</http-method>
>>>>           <http-method>PUT</http-method>
>>>>       </web-resource-collection>
>>>>
>>>>       <auth-constraint>
>>>>           <role-name>pqr</role-name>
>>>>       </auth-constraint>
>>>>       <!-- <user-data-constraint>
>>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>       </user-data-constraint> -->
>>>>   </security-constraint>
>>>>
>>>> If you do not take care of extracting the RoleName from LDAP and using it
>>>> properly in web.xml, then you will get that error.
>>>>
>>>> Don't use the Admin and Authenticated roles which are given by JSPWiki in
>>>> web.xml.
>>>>
>>>> Question - If you don't know the connection name and password, then how have
>>>> you implemented LDAP authentication currently? If you are able to do LDAP
>>>> authentication then just try to retrieve the UserRoleName. It will solve
>>>> your problem.
>>>>
>>>> Regards,
>>>> Trupti
>>>>
>>>>
>>>>
>>>
>>>
>>
>

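The thread turns on two things the container decides: which role names a web.xml `<security-constraint>` demands for a given URL and method, and which role names the realm hands a user whose LDAP entry carries no group attribute at all, only `departmentnumber`. The following Python is an added example, not code from the thread, from JSPWiki or from any container: it parses a web.xml fragment modelled on Trupti's, derives roles from constructed LDAP entries the way a realm might, and reports whether each user may reach each URL. The entry DNs, the `roles_from_ldap_entry` mapping and the role names `abc`/`pqr` are assumptions made for the example.

```python
"""Check which roles a web.xml <security-constraint> demands for a URL and
whether roles derived from an LDAP entry satisfy it.  Added example, not
JSPWiki code; it simulates the servlet container's role check offline."""
import xml.etree.ElementTree as ET

# Constructed web.xml fragment modelled on the one quoted in the thread
# (a subset of its URL patterns, to keep the sample short).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>abc</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Upload.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>Read-only Area</web-resource-name>
      <url-pattern>/attach</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>pqr</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed LDAP entries: no group or role attributes, only departmentnumber,
# which is the situation Wyllys describes.  DNs are made up.
LDAP_ENTRIES = {
    "uid=wyllys,ou=people,dc=example,dc=com": {"departmentnumber": ["abc"]},
    "uid=trupti,ou=people,dc=example,dc=com": {"departmentnumber": ["research"]},
}


def local_name(tag):
    """Drop an XML namespace prefix so a real web.xml (with xmlns) parses too."""
    return tag.rsplit("}", 1)[-1]


def matches_pattern(pattern, path):
    """Simplified servlet URL-pattern matching: exact, prefix (/x/*), extension (*.jsp)."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or path == pattern


def parse_constraints(xml_text):
    """Return [(collections, roles)]: collections = [(url_patterns, http_methods)],
    roles = the <role-name>s of the <auth-constraint> (empty when there is none;
    an empty <auth-constraint/>, which denies everyone, is not modelled here)."""
    result = []
    for sc in ET.fromstring(xml_text).iter():
        if local_name(sc.tag) != "security-constraint":
            continue
        collections, roles = [], set()
        for child in sc:
            kids = [(local_name(e.tag), (e.text or "").strip()) for e in child]
            if local_name(child.tag) == "web-resource-collection":
                collections.append(([t for n, t in kids if n == "url-pattern"],
                                    {t.upper() for n, t in kids if n == "http-method"}))
            elif local_name(child.tag) == "auth-constraint":
                roles |= {t for n, t in kids if n == "role-name"}
        result.append((collections, roles))
    return result


def required_roles(constraints, path, method="GET"):
    """Union of role names protecting (path, method).  An empty set means the
    request is unconstrained; listing <http-method>s leaves every other method
    uncovered, so PUT /Edit.jsp in the sample above needs no role at all."""
    needed = set()
    for collections, roles in constraints:
        for patterns, methods in collections:
            if methods and method.upper() not in methods:
                continue
            if any(matches_pattern(p, path) for p in patterns):
                needed |= roles
    return needed


def roles_from_ldap_entry(entry, common_role="pqr"):
    """Hypothetical realm mapping (an assumption, not JSPWiki behaviour): every
    authenticated user gets common_role, and each departmentnumber value is
    used as an extra role name, so departmentnumber=abc yields the admin role."""
    return {common_role} | set(entry.get("departmentnumber", []))


def can_access(constraints, user_roles, path, method="GET"):
    """True when the request is unconstrained or the user holds a required role."""
    needed = required_roles(constraints, path, method)
    return not needed or bool(needed & user_roles)


if __name__ == "__main__":
    rules = parse_constraints(WEB_XML)
    for dn, entry in LDAP_ENTRIES.items():
        roles = roles_from_ldap_entry(entry)
        for path in ("/Delete.jsp", "/Edit.jsp", "/attach"):
            print(dn, path, sorted(roles), can_access(rules, roles, path))
```

Running it against a real deployment's web.xml is a quick way to see which methods a constraint leaves uncovered: in the fragment above `/attach` is deliberately open to GET, but `/Edit.jsp` is only guarded for the methods it names, which is why a complete method list (or, on Servlet 3.1+ containers, `<deny-uncovered-http-methods/>`) matters. On Tomcat, which the mention of server.xml points to, the JNDIRealm attributes `userRoleName` (take role names from an attribute of the user entry, such as `departmentnumber`) and `commonRole` (grant one role to every successfully authenticated user) implement the two mappings this example simulates; confirm both against the documentation for the Tomcat version in use.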