incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan Pablo Santos Rodríguez <>
Subject Re: Regression with LDAP group lookups in JSPWiki 2.9.1-svn-31
Date Tue, 25 Jun 2013 21:53:01 GMT
Hi Dave,

almost a a month later, but finally got time to look into this issue. The
good news: I was able to setup JSPWiki with container based authentication
and LDAP group lookups.

I followed your blog post [#1], but with some tiny differences as I've used
some different versions:

* OpenDJ 2.5.0-Xpress1
  - no-brainer installation, for testing purposes
  - base DN: dc=example, dc=com,
  - No groups OU, no Users OU (this shouldn't matter, it should only affect
the base DN on GlassFish configuration)
  - one wiki-admin group and one wiki-users group
  - one wikiadmin user (cn, givenName, sn, uid, password, all of them with
the same value, wikiadmin), member of wiki-admin
  - one wikiuser user (cn, givenName, sn, uid, password, all of them with
the same value, wikiuser), member of wiki-users

* GlassFish Server Open Source Edition
  - Configurations -> server-config -> Security : JACC = simple
  - Configurations -> server-config -> Security -> Realms -> JSPWikiUsers
    + JAAS Context : ldapRealm
    + Directory : ldap://localhost:389
    + Base DN : dc=example,dc=com
    + (additional property) group-search-filter : uniqueMember=%d
    + (additional property) group-base-dn : dc=example,dc=com
    + (additional property) search-filter : cn=%s
  - Once the config is made, server restart

* JSPWiki v2.10.0-svn-11 (current trunk, almost 100% sure no modifications
on auth code since 2.9.1-svn-31)
  - followed the steps described at [#1]
  - mvn clean install
  - deployed the war on GlassFish

Did you see any exceptions regarding JSPWiki? Until I had my GlassFish
Realm config fine, I stumbled upon a lot of GlassFish exceptions regarding
LDAP auth (user not found, and similar ones), but they never were JSPWiki
specific. Also, I had to restart GlassFish every time I had to save the
Realm configuration, in order to ensure the configuration was saved and

juan pablo


On Sun, May 26, 2013 at 2:05 PM, Juan Pablo Santos Rodríguez <> wrote:

> Hi Dave,
> skimming through ChangeLog and ChangeLog, there hasn't been specific work
> on the auth area since 2.8.3, so it seems that we've inadvertently
> introduced a change that hasn't been caught by unit tests. Could you please
> open a JIRA for this issue? Also, could you set the logs to debug level to
> see if there's something unusual?
> I'd like to turn trunk into multimodule, but will take a look at this
> afterwards
> thanks,
> juan pablo
> On Sat, May 25, 2013 at 3:43 PM, Dave Koelmeyer <
>> wrote:
>> Hi All,
>> Looks like there has been a change in JSPWiki 2.9.1-svn-31 with container
>> based authentication and LDAP group lookups.
>> I've previously blogged my configuration using JSPWiki 2.8.3 and
>> GlassFish 3.1 which worked fine:
>> authentication-with-jspwiki-**glassfish-and-opendj/<>
>> Using this same configuration on JSPWiki 2.9.1-svn-31, LDAP group
>> memberships are not retrieved.
>> I have gone so far as to configure a fresh installation of JSPWiki 2.8.3
>> in a GlassFish domain with the above configuration, then duplicated
>> settings exactly in another GlassFish domain using JSPWiki 2.9.1-svn-31.
>> Version 2.8.3 will retrieve LDAP groups fine, JSPWiki 2.9.1-svn-31 will not.
>> The behaviour I see on v2.9.1-svn-31 is the same as if I change the JACC
>> provider from "simple" to "default" in GlassFish using JSPWiki 2.8.3: LDAP
>> lookups are fine, but LDAP groups aren't. Can anyone offer some pointers on
>> what might have changed between JSPWiki versions to break this?
>> Cheers,
>> Dave
>> --
>> Dave Koelmeyer
>>**nz <>

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message