Hi wyllys,

There may be different names given to groups in your LDAP. Every organization may set a different name for the Role.

e.g. if the company name is IBM, then there may be a role
IBMGroups = IBMALL
IBMGroups = IBMDevelopment
IBMGroups = IBMSupport
IBMGroups = IBMResearch

Now here, every employee may be a member of one or many groups. IBMALL contains all employees. So an employee is a member of IBMALL and also a member of a group according to department. So while retrieving the role, you need to use IBMGroups, and while giving rights in web.xml of JSPWiki you need to use IBMALL or IBMDevelopment etc.

Now, find out which Role you are going to use (e.g. memberOf or ObjectClass).

I hope this will help you.

Regards,
Trupti Patil

Wyllys Ingersoll wrote:
>
> I'm not clear on the issue of roles and groups when authenticating to
> LDAP.
>
> My LDAP server does not return that data for any users. I can query the
> full LDAP record for myself and there are no "role" or "group" values of
> any kind.
>
> How do I force either the container or the application to map any
> authenticated user to a "group" that JSPWiki will recognize?
>
> -Wyllys
>
> TruptiP wrote:
>> Hi Wyllys,
>>
>> I forgot to mention the part from web.xml of JSPWiki.
>>
>> You have to use the RoleName (which you extract from LDAP authentication;
>> in my previous mail I gave an example of groups (abc, pqr)).
>> Now we consider abc as a group with admin rights.
>> So in web.xml of JSPWiki,
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>Administrative Area</web-resource-name>
>>     <url-pattern>/Delete.jsp</url-pattern>
>>   </web-resource-collection>
>>
>>   <auth-constraint>
>>     <role-name>abc</role-name>
>>   </auth-constraint>
>>
>>   <!-- <user-data-constraint>
>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>   </user-data-constraint> -->
>> </security-constraint>
>>
>> We consider the pqr group as authenticated, then
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>Authenticated area</web-resource-name>
>>     <url-pattern>/Edit.jsp</url-pattern>
>>     <url-pattern>/Comment.jsp</url-pattern>
>>     <url-pattern>/Login.jsp</url-pattern>
>>     <url-pattern>/NewGroup.jsp</url-pattern>
>>     <url-pattern>/Rename.jsp</url-pattern>
>>     <url-pattern>/Upload.jsp</url-pattern>
>>     <http-method>DELETE</http-method>
>>     <http-method>GET</http-method>
>>     <http-method>HEAD</http-method>
>>     <http-method>POST</http-method>
>>     <http-method>PUT</http-method>
>>   </web-resource-collection>
>>
>>   <web-resource-collection>
>>     <web-resource-name>Read-only Area</web-resource-name>
>>     <url-pattern>/attach</url-pattern>
>>     <http-method>DELETE</http-method>
>>     <http-method>POST</http-method>
>>     <http-method>PUT</http-method>
>>   </web-resource-collection>
>>
>>   <auth-constraint>
>>     <role-name>pqr</role-name>
>>   </auth-constraint>
>>
>>   <!-- <user-data-constraint>
>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>   </user-data-constraint>
>>   -->
>> </security-constraint>
>>
>> If you do not take care of extracting the RoleName from LDAP and using it
>> properly in web.xml, then you will get that error.
>>
>> Don't use the Admin and Authenticated roles which are given by JSPWiki in
>> web.xml.
>>
>> Question - If you don't know the connection name and password, then how
>> have you implemented LDAP authentication currently? If you are able to do
>> LDAP authentication then just try to retrieve UserRoleName. It will solve
>> your problem.
>>
>> Regards,
>> Trupti
>>
>

--
View this message in context: http://www.nabble.com/LDAP-Login-problems-tp22636511p22716460.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
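
An added example, not part of the original messages: a small audit that lists, for each security-constraint in a web.xml, the role names it requires, whether a user's directory groups satisfy them, and whether the CONFIDENTIAL transport guarantee is active (in the thread's snippets it is commented out). The web.xml excerpt and the group DNs are constructed samples, and reducing a group DN to its CN is an assumption about how the container derives role names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed web.xml using the thread's example roles abc and pqr.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>abc</role-name></auth-constraint>
    <!-- <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint> -->
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>pqr</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed sample: group DNs as a directory might return them in memberOf.
MEMBER_OF = ["CN=abc,OU=Groups,DC=example,DC=com",
             "cn=IBMALL,ou=Groups,dc=example,dc=com"]

def roles_from_dns(dns):
    """Assumption: the role name is the CN of the group DN (some setups use the full DN)."""
    hits = (re.match(r"\s*cn=([^,]+)", dn, re.I) for dn in dns)
    return {m.group(1).strip() for m in hits if m}

def audit(web_xml, user_roles):
    """Return one finding per <security-constraint>; commented-out XML is ignored."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any xmlns prefix so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for sc in root.iter("security-constraint"):
        required = {r.text.strip() for r in sc.iter("role-name")}
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE")
        findings.append({
            "area": sc.findtext("web-resource-collection/web-resource-name"),
            "urls": [u.text.strip() for u in sc.iter("url-pattern")],
            "required": required,
            "granted": bool(required & user_roles),  # exact, case-sensitive match
            "confidential": guarantee.strip() == "CONFIDENTIAL",
        })
    return findings
```

A constraint reported with "granted" false for every user is the mismatch between LDAP group names and web.xml role names described above; one with "confidential" false does not require the container to serve those URLs, including the login page, over TLS.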
