Posted to user@jspwiki.apache.org by TruptiP <tr...@gmail.com> on 2009/01/15 09:08:37 UTC

LDAP authentication problem for jspwiki 2.8.1 on windows machine

Hi,

I have installed JSPWiki 2.8.1 on my desktop machine. It works fine when I
use default userdatabase for authentication and authorization.

Now I am using LDAP authentication .... I used the below specifications in
server.xml

<Realm className="org.apache.catalina.realm.JNDIRealm"
		connectionURL="ldap://server:389"
		connectionName="uid=admin,ou=Directory Administrators,dc=example,dc=com"
		connectionPassword="secret"
		userBase="ou=domain,dc=example,dc=com"
		userSubtree="true"
		userSearch="(uid={0})"
		/>

In web.xml of JSPWiki

<security-constraint>
       <web-resource-collection>
           <web-resource-name>Authenticated area</web-resource-name>
           <url-pattern>/Edit.jsp</url-pattern>
           <url-pattern>/Comment.jsp</url-pattern>
           <url-pattern>/Login.jsp</url-pattern>
           <url-pattern>/NewGroup.jsp</url-pattern>
           <url-pattern>/Rename.jsp</url-pattern>
           <url-pattern>/Upload.jsp</url-pattern>
           <url-pattern>/Delete.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>HEAD</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <web-resource-collection>
           <web-resource-name>Read-only Area</web-resource-name>
           <url-pattern>/attach</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <auth-constraint>
           <role-name>Authenticated</role-name>
       </auth-constraint>

When I log in to JSPWiki I get a forbidden page, and after pressing the "back" tab
and refreshing, my login is shown as authenticated.... But I am only able to
view the pages when I go to edit the page

G’day (anonymous guest) will be displayed at the corner and it does not authenticate
me to update the page. I haven't used any ACLs in any page. I have given all
authorization to the authenticated user.

One more important point is that I don't have any group in LDAP.
-- 
View this message in context: http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21473087.html
Sent from the JspWiki - User mailing list archive at Nabble.com.


Re: LDAP authentication problem for jspwiki 2.8.1 on windows machine

Posted by TruptiP <tr...@gmail.com>.
Hi ,

At last it works.....

Actually I need to pick up UserRoleName properly as per my LDAP attributes
... which was not done in my initial settings.

<Realm className="org.apache.catalina.realm.JNDIRealm"
		connectionURL="ldap://server:389"
		connectionName="uid=admin,ou=Directory Administrators,dc=example,dc=com"
		connectionPassword="secret"
		userBase="ou=domain,dc=example,dc=com"
		userSubtree="true"
		userSearch="(uid={0})"
		userRoleName="memberOf"
		roleBase="OU=example3,OU=example1,DC=domian,DC=example2,DC=com"
		roleName="cn"
		roleSubtree="true"
		roleSearch="(member={0})"
		/>

The below 4-5 lines need to be written very carefully ...... which helps us to
pick up the role-name for web.xml.

Thanks for your quick response

Regards,
Trupti Patil



-- 
View this message in context: http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21477816.html
Sent from the JspWiki - User mailing list archive at Nabble.com.


Re: LDAP authentication problem for jspwiki 2.8.1 on windows machine

Posted by TruptiP <tr...@gmail.com>.
Hi,
I tried it out. But this also doesn't work out.

But the problem is the same as it is. Even though the user is authenticated, the Forbidden
message comes.

I think the Authenticated role is built into JSPWiki, so even though the
Authenticated group is not present in LDAP it should work.

The Authentication works as usual for group members addition and deletion.

The problem is only with the pages which we mentioned in url-pattern of
web.xml.

Thanks in advance.

Regards,
Trupti Patil



Enrico Maria Carmona wrote:
> 
> Hi!
> 
> I've 2.6.x but this may help you
> 
> grant a login privilege to "all" role:
> 
> my jspwiki.policy:
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
> };
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
> };
> 
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> 
> If you didn't have any role from LDAP you can (trick!) use a property of
> LDAP like a role. 
> I use: userRoleName="objectClass". It returns 'user' as role.
> 
> my server.xml:
> 
>      <Realm className="org.apache.catalina.realm.JNDIRealm"
>          debug="99"
>          connectionURL="ldap://ldapserver:389"
>          connectionName="UserCanReadLDAP"
>          connectionPassword="secret"
>          referrals="follow"
>          userBase="CN=Users,DC=example,DC=com"
>          userSearch="(samaccountname={0})"
>          userSubtree="true"
>          roleBase="CN=Users,DC=example,DC=com"
>          roleName="cn"
>          roleSearch="(member={0})"
>          roleSubtree="true"
>          userRoleName="objectClass"
>          />
> 
> Then map 'user' role in jspwiki (my web.xml):
> 
>    <auth-constraint>
>        <role-name>user</role-name>
>    </auth-constraint>
> 
>    <security-role>
>        <description>
>            All users
>        </description>
>        <role-name>user</role-name>
>    </security-role>
> 
> So, everyone has a role 'user' and can login (in my configuration not
> also)
> 
> Hope this helps,
> 
> Enrico
> 

-- 
View this message in context: http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21475881.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
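
Both fixes in this thread rest on the same container rule: Tomcat checks the web.xml `<auth-constraint>` against the role names the JNDIRealm returned, so a user can pass the LDAP bind and still receive 403. The Python sketch below is an added example (not code from the thread, Tomcat or JSPWiki) that models that lookup in simplified form; the sample entries, the `wiki-editors` group and all function names are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

def local(tag):
    """Drop an XML namespace prefix so a namespaced web.xml is handled too."""
    return tag.rsplit("}", 1)[-1]

def required_roles(web_xml):
    """Role names listed under any <auth-constraint>."""
    roles = set()
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "auth-constraint":
            roles |= {r.text.strip() for r in el if local(r.tag) == "role-name" and r.text}
    return roles

def realm_roles(realm_xml, user_dn, user_entry, groups=()):
    """Simplified model of the roles a JNDIRealm lookup yields for one user."""
    cfg = ET.fromstring(realm_xml).attrib
    lower = lambda e: {k.lower(): v for k, v in e.items()}  # LDAP attribute names ignore case
    roles = set(lower(user_entry).get(cfg.get("userRoleName", "").lower(), []))
    # Only the (attr={0}) filter shape used in the thread is modelled; {0} is the user DN.
    m = re.fullmatch(r"\((\w+)=\{0\}\)", cfg.get("roleSearch", ""))
    if m and "roleName" in cfg:
        for g in map(lower, groups):
            if user_dn in g.get(m.group(1).lower(), []):
                roles |= set(g.get(cfg["roleName"].lower(), []))
    return roles

def decision(realm_xml, web_xml, user_dn, user_entry, groups=()):
    """'allow' if the user holds a required role, else '403' despite a good login."""
    held = realm_roles(realm_xml, user_dn, user_entry, groups)
    return "allow" if held & required_roles(web_xml) else "403"

# Constructed sample data modelled on the thread's configuration.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee"><security-constraint>
  <web-resource-collection><url-pattern>/Edit.jsp</url-pattern></web-resource-collection>
  <auth-constraint><role-name>%s</role-name></auth-constraint>
</security-constraint></web-app>"""
REALM_NO_ROLES = '<Realm userSearch="(uid={0})"/>'
REALM_OBJECTCLASS = '<Realm userSearch="(uid={0})" userRoleName="objectClass"/>'
REALM_GROUPS = '<Realm userSearch="(uid={0})" roleName="cn" roleSearch="(member={0})"/>'
USER_DN = "uid=jdoe,ou=domain,dc=example,dc=com"
USER = {"uid": ["jdoe"], "objectClass": ["top", "person", "user"]}
GROUP = {"cn": ["wiki-editors"], "member": [USER_DN]}  # hypothetical group

if __name__ == "__main__":
    print(decision(REALM_NO_ROLES, WEB_XML % "Authenticated", USER_DN, USER))
    print(decision(REALM_OBJECTCLASS, WEB_XML % "user", USER_DN, USER))
    print(decision(REALM_GROUPS, WEB_XML % "wiki-editors", USER_DN, USER, [GROUP]))
```

With `userRoleName="objectClass"` every directory entry carrying that object class receives the role, so the constraint then admits any account the realm can bind, not a chosen group.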