LDAP Authentication problem

On 11/28/06, Thomas-W Hofmann <thomas-w.hofmanndb.com> wrote:
> I am currently working to get Roller LDAP
authentication to work in our
> corporate environment.
> I managed to get users authenticated using their email
address(using the
> username field) and LDAP password.
>
> Question : Once authentication is fine by LDAP how does
Roller retrieve
> the user rights from Roller db ?
> I tried to change the select statements from
daoauthentication to "SELECT
> xxx WHERE mail=(0) " but this did not work.

I haven't tried it myself but, with LDAP authentication I
believe each
user still has to register with Roller to establish an entry
in the
USER and ROLE tables. Which set of instructions (if any) did
you use
to get LDAP auth working? And out of curiousity, what LDAP
server are
you using?


> Other question : Why is there a restriction to the
username not to include
> spaces or anything except a-z,A-z,0-9 ?
> It would help to use the emailaddress as username (at
least for our
> environment)

We want username to be a URL safe string, so we stick to a
very safe
ASCII subset, but this can be configured. You can set the
allowed
character string by setting the (apparently undocumented)
property
"username.allowedChars" in your
roller-custom.properties file. The
default is "A-Za-z0-9"

- Dave

On 11/30/06, Thomas-W Hofmann <thomas-w.hofmanndb.com> wrote:
> HI Dave,
> please find comments below.
>
> After finding a thread from august/06 in roller-dev
where Elias seems to
> have done just what I need I mailed him directly.
Hopefully he will
> provide the examples and doc he did talk about.

> Another question : Where is the right place to post
bugs in 3.1 RC1 ?

Normally, I follow the mailing list comments on the RC and
list bugs the wiki:
http://rollerweblogger.org/wiki/Wiki.jsp?page=Rolle
r31Testing

But you can also report them to JIRA.
http:
//opensource.atlassian.com/projects/roller

- Dave

Thanks, I've added those to the wiki and we'll do our best
to address them.
http://rollerweblogger.org/wiki/Wiki.jsp?page=Rolle
r31Testing

- Dave



On 12/1/06, Thomas-W Hofmann <thomas-w.hofmanndb.com> wrote:
> 1       Roller : Unable to create directory in
UploadFile.jsp
>
> /roller-ui/ is hardcoded in form action of
createSubDir. The webapp
> directory is missing in fornt of the path.
>
> <%-- --------------------------
> Create directory form
> --%>
> <c:if test="${model.showingRoot}">
> <form name="createSubdir"
method="post"
>
action="/roller-ui/authoring/uploadFiles.do">
>     <input type="hidden"
name="method" value="createSubdir" />
>     <input type="hidden"
name="weblog" value='<c:out
> value="${model.website.handle}"/>'>
>     <input type="hidden"
name="path" value='<c:out
> value="${model.path}"/>'>
>
>     <b><fmt:message
key="uploadFiles.createDir" /></b>
<input type="text"
> name="newDir" size="20"
/>&nbsp;
>     <input type="submit"
value='<fmt:message
> key="uploadFiles.createDirButton" />'
/>
>
>     <br />
>     <br />
>
> </form>
> </c:if>
>
> 2       Planet Admin - Subscriptions - There is a
duplicate INSERT INTO
> RAG_GROUP_SUBSCRIPTONS statement  with switched
parameters causing
> problems. (ORACLE db)
>
> Hibernate: insert into rag_subscription (feed_url,
last_updated, site_url,
> title, author, inbound_links, inbound_blogs, id) values
(?, ?, ?, ?, ?, ?,
> ?, ?)
> Hibernate: insert into rag_group_subscription
(group_id, subscription_id)
> values (?, ?)
> Hibernate: insert into rag_group_subscription
(subscription_id, group_id)
> values (?, ?)
>
>
> 3       (all versions) someone should update the
documentation that a 10g
> JDBC driver is needed to create the first user using
ORACLE !
>
> 4       (all versions) someone should update the
documentation to include
> username.allowedChars() parameter !
>
> 5       (all versions) There are still a lot of errors
if ORACLE is used
> caused by empty form fields (i.e. description empty in
Create new Weblog)
> resulting in ORACLE ERROR 14xx  - (cannot insert null
value into table
> xxxx)
>
>
> so far ...
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
> Thomas Hofmann
>
>
>
>
> --
>
> Diese E-Mail enthaelt vertrauliche und/oder rechtlich
geschuetzte Informationen. Wenn Sie nicht der richtige
Adressat sind oder diese E-Mail irrtuemlich erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie
diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.
>
> This e-mail may contain confidential and/or privileged
information. If you are not the intended recipient (or have
received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized
copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
>

Hi,
I have also been working on the same kind of requirement.
Could you please
let me know how you did it.
An early response shall be greatly appreciated.

thanks
Dharmesh


Thomas Hofmann wrote:
> 
> Hi,
> 
> I am currently working to get Roller LDAP
authentication to work in our 
> corporate environment.
> I managed to get users authenticated using their email
address(using the 
> username field) and LDAP password. 
> 
> Question : Once authentication is fine by LDAP how does
Roller retrieve 
> the user rights from Roller db ? 
> I tried to change the select statements from
daoauthentication to "SELECT 
> xxx WHERE mail=(0) " but this did not work.
> 
> Other question : Why is there a restriction to the
username not to include 
> spaces or anything except a-z,A-z,0-9 ? 
> It would help to use the emailaddress as username (at
least for our 
> environment)
> 
> Thank you
> Thomas
> 
> 
> 
> 
> --
> 
> Diese E-Mail enthaelt vertrauliche und/oder rechtlich
geschuetzte
> Informationen. Wenn Sie nicht der richtige Adressat
sind oder diese E-Mail
> irrtuemlich erhalten haben, informieren Sie bitte
sofort den Absender und
> vernichten Sie diese Mail. Das unerlaubte Kopieren
sowie die unbefugte
> Weitergabe dieser Mail ist nicht gestattet.
> 
> This e-mail may contain confidential and/or privileged
information. If you
> are not the intended recipient (or have received this
e-mail in error)
> please notify the sender immediately and destroy this
e-mail. Any
> unauthorized copying, disclosure or distribution of the
material in this
> e-mail is strictly forbidden.
> 

-- 
View this message in context: http://www.nabble.com/LDAP-Authen
tication-problem-tf2717226s12275.html#a8074348
Sent from the Roller - User mailing list archive at
Nabble.com.