Hi!
I've 2.6.x but this may help you
grant a login privilege to "all" role:
my jspwiki.policy:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
If you didn't have any role from LDAP you can (trick!) use a property of
LDAP like a role.
I use: userRoleName="objectClass". It returns 'user' as role.
my server.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionURL="ldap://ldapserver:389";
connectionName="UserCanReadLDAP"
connectionPassword="secret"
referrals="follow"
userBase="CN=Users,DC=example,DC=com"
userSearch="(samaccountname={0})"
userSubtree="true"
roleBase="CN=Users,DC=example,DC=com"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="true"
userRoleName="objectClass"
/>
Then map 'user' role in jspwiki (my web.xml):
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<security-role>
<description>
All users
</description>
<role-name>user</role-name>
</security-role>
So, everyone has a role 'user' and can login (in my configuration not also)
Hope this help,
Enrico
---------
"TruptiP" <[email protected]> scritto:
Hi,
I have installed JSPWiki 2.8.1 on my desktop machine. It works fine when I
use default userdatabase for authentication and authorization.
Now I am using LDAP authentication .... I used below specifications in
server.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://server:389";
connectionName="uid=admin,ou=Directory Administrators,dc=example,dc=com"
connectionPassword="secret"
userBase="ou=domain,dc=example,dc=com"
userSubtree="true"
userSearch="(uid={0})"
/>
In web.xml of JSPwiki
<security-constraint>
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/NewGroup.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<url-pattern>/Delete.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>Read-only Area</web-resource-name>
<url-pattern>/attach</url-pattern>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Authenticated</role-name>
</auth-constraint>
When I login in jspwiki I get forbidden page and after pressing "back" tab
and refresh my login is shown as authenticated.... But I am only able to
view the pages when I go to edit the page
G’day (anonymous guest) will be displayed at corner and it not
authenticate
me to update the page. I haven't use any ACL's in any page. I have given
all
authorization to authenticated user.
One more important point is I dont have any group in LDAP.
--
View this message in context:
http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21473087.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
