Re: ntlm with xwiki [END]

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: ntlm with xwiki [END]

Colin Tay
Hello,

I have managed to authenticate users with the Active directory through LDAP.
However, all the users i login were shown the error message
"You are not allowed to view this document or perform this action." when i
am at  http://localhost:8080/xwiki/bin/view/Main/WebHome.

I pressume the users records are not in the Xwiki database.
Where and how do i create these records when the user first logon onto xwiki?

Regards,


----- Original Message ----
From: arnaud <[hidden email]>
To: [hidden email]
Sent: Thursday, 15 November 2007 2:01:06
Subject: Re: [xwiki-devs] ntlm with xwiki [END]

hello

FYI it works !!

just had to use the createUserFromLdap from Ldap plugin class

now user are recognized by xwiki and authenticated by ntlm!  At last!



----Message d'origine----

>Date: Mon, 12 Nov 2007 22:20:27 +0100 (CET)
>De: "Jerome Velociter" <[hidden email]>
>A: "XWiki Developers" <[hidden email]>
>Sujet: Re: [xwiki-devs] ntlm with xwiki
>
>Hi Arnaud,
>
>As far as your problem, I can't really help you much as I've never
>experimented custom auth. I don't know how LDAP binds the users to actual
>XWiki users, but I suppose for this to work, you should at some point feed
>XWikiUsers documents/objects with data from LDAP. (since LDAPAuthImpl is
>only auth, maybe there is something else needed).
>Maybe you can ask this on the users list, as it is both more of a user
>issue, and you could get insights from those who actually use LDAP
>auth/user management.
>
>Good luck with this,
>Jérôme.
>
>>
>> hi again
>>
>> very sorry to disturbing you once again
>>
>> i saw that i can get request from wikicontext
>> so in my own auth class i can get my user
>> no longer need a servlet to send user to the login form
>> great everything is fine BUT
>>
>> first: i still have "you are not allowed to view this document ...." when
>> the user log in
>>
>>
>> second : i can't log out
>>
>> problem look like xwiki don't know my user
>> (in my AuthImpl i did all that it's found in LDAPAuthImpl...)
>>
>> sorry again
>> (BTW if it's not the right place to ask this kind of questions, tell me,
>> no problem...)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ----Message d'origine----
>>>Date: Sat, 10 Nov 2007 23:19:23 +0100 (CET)
>>>De: "Jerome Velociter" <[hidden email]>
>>>A: "XWiki Developers" <[hidden email]>
>>>Copie à: [hidden email]
>>>Sujet: Re: [xwiki-devs] ntlm with xwiki
>>>
>>>Hello,
>>>>
>>>> First of all Sorry for creating a new topic
>>>>
>>>> thanks for your anwser Jerome.
>>>>
>>>> but Actually i have seen this feature
>>>>
>>>> i added jcifs and it works well
>>>> an other hand i have tested impletentetion for ldap its works too
>>>>
>>>> but i want a transparent authentication
>>>> so now the problem is :
>>>>
>>>> i would like to not have form login
>>>> i saw in code that we can define our login page with this property in
>>>> xwiki.cfg :
>>>> xwiki.authentication.loginpage (if null default is
>>>> /bin/login/XWiki/XWikiLogin)
>>>>
>>>> i've changed this property but no changes when template call
>>>>
>>>> $xwiki.getURL("XWiki.XWikiLogin", "login", "xredirect=$logredir"))
>>>>
>>>> i still got the same url : bin/login/XWiki/XWikiLogin?
>>>
>>>Actually, it's the expected behavior : the call asks for the URL of the
>>>XWiki.XWikiLogin document, under the login action and with a xredirect
>>>query string parameter. If you changed your authentication login page to
>>>XWiki.MyCustomLogin in the conf, the calls to login URL should ask for
>>>that document IMO. Also, you may have to modidy a bit the skin if you
>>> want
>>>the users to be redirected to the proper login page any case. If you are
>>>using albatross skin, you can look over global.vm and login.vm, there is
>>>also the header.vm file in the webapp/templates folder that calls for the
>>>login URL.
>>>
>>>Hope it's clear enough, as I'm not sure what you exactly want to do (In
>>>particuliar, I don't understand why you wany to post username to
>>>loginsubmit action, since you use third-party authentication).
>>>
>>>Tell us how it goes.
>>>
>>>Regards,
>>>Jerome.
>>>
>>>>
>>>>
>>>> the purpose of that is log-in link goes to my servlet , then i do ntlm
>>>> authentication (it already works), then i post user name to
>>>> /xwiki/bin/loginsubmit/XWiki/XWikiLogin
>>>>
>>>> in the same time i do my own version of authentification (get user info
>>>> (name mail,etc...) from another ldap without test of password cos
>>>> already
>>>> done with ntlm)
>>>>
>>>>
>>>> So! how can i redirect log-in page ? thanks a lot
>>>>
>>>> ------------------------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> You can implement your own version of the
>>>> com.xpn.xwiki.user.api.XWikiAuthService interface.
>>>>
>>>> There's already a LDAP impl existing (different from the XWiki default
>>>> one), so you can look over that too as an example.
>>>>
>>>> Then, you must precise in the xwiki.cfg configuration file that you
>>>> want
>>>> to use your own class, with something like
>>>>
>>>> xwiki.authentication.authclass =
>>>> com.mycompany.mypackage.MyXWikiAuthImpl
>>>>
>>>> Regards,
>>>> Jerome.
>>>>
>>>> _______________________________________________
>>>> devs mailing list
>>>> [hidden email]
>>>> http://lists.xwiki.org/mailman/listinfo/devs
>>>>
>>>
>>>
>>>_______________________________________________
>>>devs mailing list
>>>[hidden email]
>>>http://lists.xwiki.org/mailman/listinfo/devs
>>>
>>
>> _______________________________________________
>> devs mailing list
>> [hidden email]
>> http://lists.xwiki.org/mailman/listinfo/devs
>>
>
>
>_______________________________________________
>devs mailing list
>[hidden email]
>http://lists.xwiki.org/mailman/listinfo/devs
>

_______________________________________________
devs mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/devs




Real people. Real questions. Real answers. Share what you know.
_______________________________________________
devs mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/devs
Reply | Threaded
Open this post in threaded view
|

Re: ntlm with xwiki [END]

Shiva Shankar
Hi
Hate to re-open a dead thread, but this is exactly what i am trying to do.
Arnuad: Would it be possible for you to reply how you were able to do this in a little bit more detail? I will document it on xwiki.org.
Thanks!
Shiva

Colin Tay wrote
Hello,

I have managed to authenticate users with the Active directory through LDAP.
However, all the users i login were shown the error message
"You are not allowed to view this document or perform this action." when i
am at  http://localhost:8080/xwiki/bin/view/Main/WebHome.

I pressume the users records are not in the Xwiki database.
Where and how do i create these records when the user first logon onto xwiki?

Regards,


----- Original Message ----
From: arnaud <adlz@netcourrier.com>
To: devs@xwiki.org
Sent: Thursday, 15 November 2007 2:01:06
Subject: Re: [xwiki-devs] ntlm with xwiki [END]

hello

FYI it works !!

just had to use the createUserFromLdap from Ldap plugin class

 now user are recognized by xwiki and authenticated by ntlm!  At last!



----Message d'origine----
>Date: Mon, 12 Nov 2007 22:20:27 +0100 (CET)
>De: "Jerome Velociter" <jerome@xwiki.com>
>A: "XWiki Developers" <devs@xwiki.org>
>Sujet: Re: [xwiki-devs] ntlm with xwiki
>
>Hi Arnaud,
>
>As far as your problem, I can't really help you much as I've never
>experimented custom auth. I don't know how LDAP binds the users to
 actual
>XWiki users, but I suppose for this to work, you should at some point
 feed
>XWikiUsers documents/objects with data from LDAP. (since LDAPAuthImpl
 is
>only auth, maybe there is something else needed).
>Maybe you can ask this on the users list, as it is both more of a user
>issue, and you could get insights from those who actually use LDAP
>auth/user management.
>
>Good luck with this,
>Jérôme.
>
>>
>> hi again
>>
>> very sorry to disturbing you once again
>>
>> i saw that i can get request from wikicontext
>> so in my own auth class i can get my user
>> no longer need a servlet to send user to the login form
>> great everything is fine BUT
>>
>> first: i still have "you are not allowed to view this document ...."
 when
>> the user log in
>>
>>
>> second : i can't log out
>>
>> problem look like xwiki don't know my user
>> (in my AuthImpl i did all that it's found in LDAPAuthImpl...)
>>
>> sorry again
>> (BTW if it's not the right place to ask this kind of questions, tell
 me,
>> no problem...)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ----Message d'origine----
>>>Date: Sat, 10 Nov 2007 23:19:23 +0100 (CET)
>>>De: "Jerome Velociter" <jerome@xwiki.com>
>>>A: "XWiki Developers" <devs@xwiki.org>
>>>Copie à: devs@xwiki.org
>>>Sujet: Re: [xwiki-devs] ntlm with xwiki
>>>
>>>Hello,
>>>>
>>>> First of all Sorry for creating a new topic
>>>>
>>>> thanks for your anwser Jerome.
>>>>
>>>> but Actually i have seen this feature
>>>>
>>>> i added jcifs and it works well
>>>> an other hand i have tested impletentetion for ldap its works too
>>>>
>>>> but i want a transparent authentication
>>>> so now the problem is :
>>>>
>>>> i would like to not have form login
>>>> i saw in code that we can define our login page with this property
 in
>>>> xwiki.cfg :
>>>> xwiki.authentication.loginpage (if null default is
>>>> /bin/login/XWiki/XWikiLogin)
>>>>
>>>> i've changed this property but no changes when template call
>>>>
>>>> $xwiki.getURL("XWiki.XWikiLogin", "login", "xredirect=$logredir"))
>>>>
>>>> i still got the same url : bin/login/XWiki/XWikiLogin?
>>>
>>>Actually, it's the expected behavior : the call asks for the URL of
 the
>>>XWiki.XWikiLogin document, under the login action and with a
 xredirect
>>>query string parameter. If you changed your authentication login
 page to
>>>XWiki.MyCustomLogin in the conf, the calls to login URL should ask
 for
>>>that document IMO. Also, you may have to modidy a bit the skin if
 you
>>> want
>>>the users to be redirected to the proper login page any case. If you
 are
>>>using albatross skin, you can look over global.vm and login.vm,
 there is
>>>also the header.vm file in the webapp/templates folder that calls
 for the
>>>login URL.
>>>
>>>Hope it's clear enough, as I'm not sure what you exactly want to do
 (In
>>>particuliar, I don't understand why you wany to post username to
>>>loginsubmit action, since you use third-party authentication).
>>>
>>>Tell us how it goes.
>>>
>>>Regards,
>>>Jerome.
>>>
>>>>
>>>>
>>>> the purpose of that is log-in link goes to my servlet , then i do
 ntlm
>>>> authentication (it already works), then i post user name to
>>>> /xwiki/bin/loginsubmit/XWiki/XWikiLogin
>>>>
>>>> in the same time i do my own version of authentification (get user
 info
>>>> (name mail,etc...) from another ldap without test of password cos
>>>> already
>>>> done with ntlm)
>>>>
>>>>
>>>> So! how can i redirect log-in page ? thanks a lot
>>>>
>>>> ------------------------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> You can implement your own version of the
>>>> com.xpn.xwiki.user.api.XWikiAuthService interface.
>>>>
>>>> There's already a LDAP impl existing (different from the XWiki
 default
>>>> one), so you can look over that too as an example.
>>>>
>>>> Then, you must precise in the xwiki.cfg configuration file that
 you
>>>> want
>>>> to use your own class, with something like
>>>>
>>>> xwiki.authentication.authclass =
>>>> com.mycompany.mypackage.MyXWikiAuthImpl
>>>>
>>>> Regards,
>>>> Jerome.
>>>>
>>>> _______________________________________________
>>>> devs mailing list
>>>> devs@xwiki.org
>>>> http://lists.xwiki.org/mailman/listinfo/devs
>>>>
>>>
>>>
>>>_______________________________________________
>>>devs mailing list
>>>devs@xwiki.org
>>>http://lists.xwiki.org/mailman/listinfo/devs
>>>
>>
>> _______________________________________________
>> devs mailing list
>> devs@xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/devs
>>
>
>
>_______________________________________________
>devs mailing list
>devs@xwiki.org
>http://lists.xwiki.org/mailman/listinfo/devs
>

_______________________________________________
devs mailing list
devs@xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs






     
__________________________________
Yahoo! Movies - Search movie info and celeb profiles and photos.
http://sg.movies.yahoo.com/
_______________________________________________
devs mailing list
devs@xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs