Hi,
I tried it out. But this also doesn't work out.

But the problem is the same as before. Even though the user is authenticated,
the Forbidden message comes.

I think the Authenticated role is built into JSPWiki, so even though the
Authenticated group is not present in LDAP it should work.

The Authentication works as usual for group members addition and deletion.

The problem is only with the pages which we mentioned in url-pattern of
web.xml.

Thanks in advance.

Regards,
Trupti Patil



Enrico Maria Carmona wrote:
> 
> Hi!
> 
> I've 2.6.x but this may help you
> 
> grant a login privilege to "all" role:
> 
> my jspwiki.policy:
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
> };
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
> };
> 
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> 
> If you didn't have any role from LDAP you can (trick!) use a property of
> LDAP like a role. 
> I use: userRoleName="objectClass". It returns 'user' as role.
> 
> my server.xml:
> 
>     <Realm className="org.apache.catalina.realm.JNDIRealm"
>            debug="99"
>            connectionURL="ldap://ldapserver:389"
>            connectionName="UserCanReadLDAP"
>            connectionPassword="secret"
>            referrals="follow"
>            userBase="CN=Users,DC=example,DC=com"
>            userSearch="(samaccountname={0})"
>            userSubtree="true"
>            roleBase="CN=Users,DC=example,DC=com"
>            roleName="cn"
>            roleSearch="(member={0})"
>            roleSubtree="true"
>            userRoleName="objectClass"
>     />
> 
> Then map 'user' role in jspwiki (my web.xml):
> 
>     <auth-constraint>
>         <role-name>user</role-name>
>     </auth-constraint>
> 
>     <security-role>
>         <description>
>             All users
>         </description>
>         <role-name>user</role-name>
>     </security-role>
> 
> So, everyone has a role 'user' and can login (in my configuration not
> also)
> 
> Hope this helps,
> 
> Enrico
> 
> ---------
> "TruptiP" <[email protected]> wrote:
> 
> Hi,
> 
> I have installed JSPWiki 2.8.1 on my desktop machine. It works fine when I
> use default userdatabase for authentication and authorization.
> 
> Now I am using LDAP authentication .... I used below specifications in
> server.xml
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> connectionURL="ldap://server:389"
> connectionName="uid=admin,ou=Directory Administrators,dc=example,dc=com"
> connectionPassword="secret"
> userBase="ou=domain,dc=example,dc=com"
> userSubtree="true"
> userSearch="(uid={0})"
> />
> 
> In web.xml of JSPwiki
> 
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Authenticated area</web-resource-name>
> <url-pattern>/Edit.jsp</url-pattern>
> <url-pattern>/Comment.jsp</url-pattern>
> <url-pattern>/Login.jsp</url-pattern>
> <url-pattern>/NewGroup.jsp</url-pattern>
> <url-pattern>/Rename.jsp</url-pattern>
> <url-pattern>/Upload.jsp</url-pattern>
> <url-pattern>/Delete.jsp</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>HEAD</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> 
> <web-resource-collection>
> <web-resource-name>Read-only Area</web-resource-name>
> <url-pattern>/attach</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> 
> <auth-constraint>
> <role-name>Authenticated</role-name>
> </auth-constraint>
> 
> When I login in jspwiki I get forbidden page and after pressing "back" tab
> and refresh my login is shown as authenticated.... But I am only able to
> view the pages when I go to edit the page
> 
> G’day (anonymous guest) will be displayed at the corner and it does not
> authenticate me to update the page. I haven't used any ACLs on any page.
> I have given all authorization to the authenticated user.
> 
> One more important point is I don't have any group in LDAP.
> -- 
> View this message in context:
> http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21473087.html
> Sent from the JspWiki - User mailing list archive at Nabble.com.
> 
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21475881.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
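
An added example, not part of either poster's message or of JSPWiki: a servlet container enforces `<auth-constraint>` using only the roles its Realm returns, and answers 403 Forbidden to a user who authenticated but holds none of them. The check below compares a `JNDIRealm` element with a `web.xml` and lists the constraints no login can satisfy. The function names, the `directory_roles` argument (the role names the operator knows the directory returns) and both sample configurations are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the configurations quoted in the thread.
REALM_NO_ROLES = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldap://server:389" userBase="ou=domain,dc=example,dc=com"
    userSubtree="true" userSearch="(uid={0})"/>"""
REALM_ATTR_ROLE = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldap://ldapserver:389" userBase="CN=Users,DC=example,DC=com"
    userSearch="(samaccountname={0})" userRoleName="objectClass"/>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Authenticated</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    """Drop the XML namespace so the same code reads any web.xml version."""
    return tag.rsplit("}", 1)[-1]

def realm_role_sources(realm_xml):
    """Return the role lookups a JNDIRealm element has configured."""
    attrs = ET.fromstring(realm_xml).attrib
    sources = []
    if attrs.get("userRoleName"):
        sources.append("userRoleName=" + attrs["userRoleName"])
    if attrs.get("roleSearch") and attrs.get("roleName"):
        sources.append("roleSearch=" + attrs["roleSearch"])
    return sources

def audit(realm_xml, web_xml, directory_roles=()):
    """Return (url, role, reason) for every constraint no login can satisfy."""
    sources = realm_role_sources(realm_xml)
    findings = []
    for elem in ET.fromstring(web_xml).iter():
        if _local(elem.tag) != "security-constraint":
            continue
        urls = [e.text.strip() for e in elem.iter() if _local(e.tag) == "url-pattern"]
        roles = [e.text.strip() for e in elem.iter() if _local(e.tag) == "role-name"]
        for role in roles:
            if role == "*":  # wildcard: any role declared in web.xml
                continue
            if not sources:
                reason = "realm looks up no roles"
            elif role not in directory_roles:
                reason = "directory does not return this role"
            else:
                continue
            findings += [(u, role, reason) for u in urls]
    return findings
```

Calling `audit(REALM_NO_ROLES, WEB_XML)` flags both protected URLs, while the same `web.xml` with `user` as the required role and `directory_roles={"user"}` returns no findings.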
