My LDAP Record does have a field that identifies groups within the company,
"departmentnumber".

I guess I need to figure out how to set up my server.xml to turn those
values into Roles that JSPWiki can recognize.

My big issue with this whole thing is that JSPWiki seems to assume that you
must have this group/role mapping stuff.  It already knows that my users
are authenticated; why isn't that good enough, or why can it not automatically map those authenticated users to the "Authenticated" role?

-Wyllys
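As an added example, not taken from any message in this thread, here is one way the "departmentnumber" attribute in the user's own LDAP entry can be exposed to JSPWiki as container roles, assuming Tomcat's JNDIRealm in server.xml and JSPWiki's WebContainerAuthorizer reading role names from web.xml. The LDAP host, base DN and the department value "engineering" are constructed placeholders.

```xml
<!-- server.xml (Tomcat): JNDIRealm looks the user up, binds as that user
     to check the password, and turns every value of the attribute named
     by userRoleName into a container role. No separate group entries in
     the directory are required. Host and DNs are placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.com:636"
       userBase="ou=people,dc=example,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       userRoleName="departmentnumber" />

<!-- web.xml (JSPWiki): the role names must match the attribute values
     exactly, character for character. "engineering" is a constructed
     sample value of departmentnumber. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administrative Area</web-resource-name>
    <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>engineering</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- keep credentials and session cookies off plaintext HTTP -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Declaring the role lets WebContainerAuthorizer list it, so it can be
     used in JSPWiki ACLs (assumption: jspwiki.properties sets
     jspwiki.authorizer = WebContainerAuthorizer). -->
<security-role>
  <role-name>engineering</role-name>
</security-role>
```

A quick check after restarting: log in with a user whose entry carries departmentnumber=engineering and call request.isUserInRole("engineering") from a JSP; if it returns false, the attribute value and the role-name differ in spelling or case.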
TruptiP wrote:
Hi wyllys,

There may be different names given to groups in your LDAP. In every
organization they may set a different name for a role.

e.g. company name is = IBM

then there may be role

IBMGroups = IBMALL
IBMGroups = IBMDevelopment
IBMGroups = IBMSupport
IBMGroups = IBMResearch

Now here, every employee may be a member of 1 or many groups.
IBMALL contains all employees. So an employee is a member of IBMALL and also
a member of a group according to department.

So while retrieving the role, you need to use IBMGroups, and while giving rights
in web.xml of JSPWiki you need to use IBMALL or IBMDevelopment etc.

Now, find out which Role you are going to use (e.g. memberOf or
ObjectClass).
I hope this will help you.

Regards,
Trupti Patil


Wyllys Ingersoll wrote:

I'm not clear on the issue of roles and groups when authenticating to
LDAP.

My LDAP server does not return that data for any users. I can query the
full LDAP record for myself and there are no "role" or "group" values of
any kind.

How do I force either the container or the application to map any
authenticated user to a "group" that JSPWiki will recognize?

-Wyllys


TruptiP wrote:
Hi Wyllys,

I forgot to mention a part from web.xml of JSPWiki.

You have to use the RoleName (which you extract from LDAP authentication; in
my previous mail I gave an example of groups (abc, pqr)).
Now we consider abc as a group with admin rights. So in web.xml of
JSPWiki:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Administrative Area</web-resource-name>
            <url-pattern>/Delete.jsp</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>abc</role-name>
        </auth-constraint>

        <!-- <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint> -->
    </security-constraint>

We consider the pqr group as authenticated, then:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Authenticated area</web-resource-name>
            <url-pattern>/Edit.jsp</url-pattern>
            <url-pattern>/Comment.jsp</url-pattern>
            <url-pattern>/Login.jsp</url-pattern>
            <url-pattern>/NewGroup.jsp</url-pattern>
            <url-pattern>/Rename.jsp</url-pattern>
            <url-pattern>/Upload.jsp</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>HEAD</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>

        <web-resource-collection>
            <web-resource-name>Read-only Area</web-resource-name>
            <url-pattern>/attach</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>pqr</role-name>
        </auth-constraint>

        <!-- <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint> -->
    </security-constraint>

If you do not take care of extracting the RoleName from LDAP and using it
properly in web.xml, then you will get that error.

Don't use the Admin and Authenticated roles which are given by JSPWiki in
web.xml.

Question - If you don't know the connection name and password, then how have you
implemented LDAP authentication currently? If you are able to do LDAP
authentication, then just try to retrieve UserRoleName. It will solve your
problem.

Regards,
Trupti