I'm not clear on the issue of roles and groups when authenticating to LDAP.
My LDAP server does not return that data for any users. I can query the
full LDAP record for myself and there are no "role" or "group" values of
any kind.
How do I force either the container or the application to map any authenticated
user to a "group" that JSPWiki will recognize?
-Wyllys
TruptiP wrote:
Hi Wyllys,
I forgot to mention the part from the web.xml of JSPWiki.
You have to use the RoleName (which you extract from LDAP authentication; in my
previous mail I gave an example of groups (abc, pqr)).
Now we consider abc as a group with admin rights. So in the web.xml of JSPWiki:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administrative Area</web-resource-name>
    <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>abc</role-name>
  </auth-constraint>
  <!-- <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint> -->
</security-constraint>
We consider the pqr group as authenticated, then:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Edit.jsp</url-pattern>
    <url-pattern>/Comment.jsp</url-pattern>
    <url-pattern>/Login.jsp</url-pattern>
    <url-pattern>/NewGroup.jsp</url-pattern>
    <url-pattern>/Rename.jsp</url-pattern>
    <url-pattern>/Upload.jsp</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Read-only Area</web-resource-name>
    <url-pattern>/attach</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>pqr</role-name>
  </auth-constraint>
  <!-- <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  -->
</security-constraint>
If you do not take care of extracting the RoleName from LDAP and using it properly
in web.xml, then you will get that error.
Don't use the Admin and Authenticated roles which are given by JSPWiki in
web.xml.
Question - if you don't know the connection name and password, then how have you
implemented LDAP authentication currently? If you are able to do LDAP
authentication, then just try to retrieve UserRoleName. It will solve your
problem.
Regards,
Trupti
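
As an added example (not part of either message and not JSPWiki code): a short Python check of the dependency described above, that every role-name in a web.xml auth-constraint must match a group the LDAP lookup actually returns. The sample web.xml is constructed from the constraints quoted in the thread, and audit(), its helpers and the group lists passed to it are hypothetical names and inputs.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the two constraints quoted in the thread.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>abc</role-name></auth-constraint>
    <!-- <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint> -->
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Upload.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>pqr</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace so a namespaced web.xml is handled the same way."""
    return tag.rsplit("}", 1)[-1]

def find_all(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]

def audit(web_xml, ldap_groups):
    """Return one finding per <security-constraint> (hypothetical helper)."""
    findings = []
    for sc in find_all(ET.fromstring(web_xml), "security-constraint"):
        roles = {e.text.strip() for e in find_all(sc, "role-name") if e.text}
        tg = [e.text.strip() for e in find_all(sc, "transport-guarantee") if e.text]
        findings.append({
            "area": find_all(sc, "web-resource-name")[0].text.strip(),
            "urls": [e.text.strip() for e in find_all(sc, "url-pattern")],
            # Roles the constraint demands but the LDAP lookup never supplies.
            "unmapped_roles": sorted(roles - set(ldap_groups)),
            # True when no CONFIDENTIAL transport-guarantee is in effect
            # (a commented-out one does not count).
            "cleartext_allowed": "CONFIDENTIAL" not in tg,
        })
    return findings

if __name__ == "__main__":
    for groups in (["abc", "pqr"], []):  # second case: LDAP returns no groups
        print(groups, audit(SAMPLE_WEB_XML, groups))
```

With an empty group list, the situation described in the first message, both constraints report an unmapped role. Both also report cleartext_allowed, because the transport-guarantee element is commented out.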