Andrew, Thank you.

I will add documentation about LDAP authentication via web container on jspwiki.org. I only enabled JNDIRealm in my Tomcat server.xml. Not sure about other issues if other realm(s) is/are enabled.


-------- Original Message --------
David - your simple example works much better than my long-winded explanation might have. :) Nice one.

Ryan - the important point here is that you can add container roles to your security policy file using the syntax in David's example. You can use container roles in wiki page ACLs, too. To make this work, you need to make sure you have a "role" element in your web.xml for each LDAP group you are referencing.

Andrew

On Mar 5, 2008, at 16:59, David Gao <[EMAIL PROTECTED]> wrote:

Hi,

I'm using LDAP (Web container authentication) for JSPWiki in my environment.
I can successfully map LDAP groups (UniqueMember) to JSPWiki roles. The
following is a security policy for this:

grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
   permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};

where "tomcat-admin" is an LDAP group.

I would be happy to share more information about this if you need it.

2008/3/6, Milton Taylor <[EMAIL PROTECTED]>:

At the very least you have to have an LDAP group named
"Authenticated"...this seems to be a hard-wired expectation of jspwiki.

We need to be careful about terminology here, because jspwiki "groups"
and "roles" aren't the same thing.  Here we're really talking about the
jspwiki roles, because they're the things that underlie security in
jspwiki. I'm not sure you can map the standard jspwiki role names to
(different) LDAP group names. Yes it is possible I think to change the
default role names as used in the security policy file (and in web.xml
to match), with the exception of the Authenticated role above.

Andrew J is the expert on this, hopefully he will chime in.



Ryan L Brissette wrote:
Is it possible to connect JSPWiki groups to my existing LDAP groups? I
have already enabled LDAP authentication.

Thank you,
Ryan Brissette






--
David Gao ([EMAIL PROTECTED])
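
An added example, not part of the thread or of JSPWiki's own code: a Python check for the point Andrew makes above, that each container role granted in the security policy file also needs a role declared in web.xml. The `<security-role>`/`<role-name>` element names are the standard servlet deployment descriptor ones; the `wiki-editors` and `old-group` roles, the `ignore` parameter and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches each container-role principal named in a grant clause of the policy.
ROLE_PRINCIPAL = re.compile(
    r'principal\s+com\.ecyrd\.jspwiki\.auth\.authorize\.Role\s+"([^"]+)"')

def policy_roles(policy_text):
    """Role names the policy grants permissions to, ignoring comments."""
    text = re.sub(r"/\*.*?\*/", "", policy_text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    return set(ROLE_PRINCIPAL.findall(text))

def declared_roles(web_xml_text):
    """Role names declared via <security-role><role-name> in web.xml."""
    local = lambda tag: tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
    roles = set()
    for el in ET.fromstring(web_xml_text).iter():
        if local(el.tag) == "security-role":
            roles.update(c.text.strip() for c in el
                         if local(c.tag) == "role-name" and c.text)
    return roles

def undeclared_roles(policy_text, web_xml_text, ignore=()):
    """Roles the policy grants to but web.xml never declares.
    `ignore` (hypothetical parameter) lists names the caller wants skipped."""
    return sorted(policy_roles(policy_text)
                  - declared_roles(web_xml_text) - set(ignore))

# Constructed sample input: the first grant is the one from the thread,
# the commented-out grant and "wiki-editors" are made up for this example.
SAMPLE_POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
   permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
// grant principal com.ecyrd.jspwiki.auth.authorize.Role "old-group" {
grant principal com.ecyrd.jspwiki.auth.authorize.Role "wiki-editors" {
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
};
'''

SAMPLE_WEB_XML = '''
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-role><role-name>Authenticated</role-name></security-role>
  <security-role><role-name>tomcat-admin</role-name></security-role>
</web-app>
'''

if __name__ == "__main__":
    for role in undeclared_roles(SAMPLE_POLICY, SAMPLE_WEB_XML):
        print("policy grants to a role with no web.xml declaration:", role)
```

A role reported here has a grant in the policy file that has no matching role declaration in web.xml.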
