Re: LDAP Login problems (Login.jsp?redirect issue)

Wed, 25 Mar 2009 06:19:09 -0700 


Trupti, David, Jim, et al -
  Thanks for the suggestions.   I don't think that my problem is related
to the actual LDAP authentication (though the issue with group mapping may be
important, I am going to investigate that). My users are able to authenticate correctly to the LDAP server, I can verify this by entering an incorrect password and noting that it definitely fails as expected. 

The problem seems to be in how JSPWiki recognizes the user after the container

LDAP auth succeeds.  


  Also, I am running the Sun Webserver 7 product, not Apache/Tomcat in this 
case,

so my server.xml is a little different.  There are no "UserDatabase" entries in 
the server.xml.  I can probably add a "Realm className= ..." entry as you suggest

below, but I would not know what to put in for the connectionName and password,
I certainly cannot and will not put my own name/password in there.  Maybe I 
don't
need one?  I will try some things and see if I can make it work.  Perhaps there 
are
some settings in the webserver configuration that I need to modify, I will 
investigate.

  I still suspect a bug in JSPWiki since I know that my users are authenticated,
but the Login.jsp logic seems to want to reject my users once they are already
authenticated - it does not allow the ?redirect=Main to work.

Thanks,
 Wyllys



TruptiP wrote:

Hi Wyllys,

The same problem I faced when I tried for LDAp authentication.

The role name you mentioned in server.xml of Tomcat must match with role
name you specified in web.xml of Jspwiki.


How you are extracting ROLE Name from LDAP 


 <Realm className="org.apache.catalina.realm.JNDIRealm"
                connectionURL="ldap://URL:389";
                connectionName="uid=admin,ou=Directory 
Administrators,dc=domain,dc=com"
                connectionPassword="admin"
                userBase="ou=Root,dc=domain,dc=com"
                userSubtree="true"
                userSearch="(uid={0})"
                userRoleName="groups"

/> 


Choosing userRoleName  is very important.


e.g. User is member of 2 groups 
groups= abc

groups=pqr

You can either use abc or pqr in web.xml of Jspwiki for authenticated area
and admin area.

There may be many groups or one common group which include all members. 


Just try this out and let us know result.

Regards,
Trupti Patil




























					Reply via email to