I set up my wiki last week to use LDAP for authentication, but maintain roles in the wiki database. I struggled a bit with the directions on the page being a bit vague. Specifically there are sections that refer to commenting out the authentication provider configuration "above", but there are two sets of that information depending on which configuration you are going for.
Also there are parts of each of the top 2 authentication secions that must be left in place for everything to work, but i did not see that in the directions. I was not able to get the LDAP authentication #2 example to work as it is documented.
It is using some variable substitution based on part of the LDAP #1 setup, but when i tried it that way, it kept telling me it could not parse the LDAP url. I ended up taking out the variable substitution and putting my LDAP connection info directly into the second example and everything started working.
Lastly, we may want to make an enhancement that would allow both local and LDAP authentication. The way it is now, the admin account stops working once the authentication is moved over to LDAP. I would think there should be a facility to always authenticate locally in case there are LDAP problems afoot or in case LDAP authentication is turned on before the proper admin type accounts are set up.
dkp • (comments)
Archived from the Feedback page:
Ok, 0.8.4 is still running, but I have one problem: after having had a short exchange with you three years ago I made a change to WEB-INF/applicationContext-acegi-security.xml by inserting
and creation a special role. That was to allow the creation of special articles only accessible for the members of that role. It worked fine in 0.6.0... on updating to 0.8.4 I saved that file and copied it to the directory after installation (what was presumably a bit naive... ;-) ). Now everyone is able to access these files and I am forced to shutdown the wiki, because the "only admins" button for one of these articles didn't work, I was able to view that article although being logged out. Any idea, Ryan? Thanks in advance! Frank 28-Sep-2010 07:26 PDT
applicationContext-acegi-security.xmlwas renamed to
applicationContext-security.xmland the old file won't be read any longer. Configuration#Spring Security has an overview of how the security configuration file works, but what you'll want to do is to add a new "intercept-url" pattern that looks like:
<intercept-url pattern="/**/NurDV/**" access="ROLE_ABT_DV" />
Special:Edit?topic=NurDV. That's a bit tricky, so please let me know if you have any questions. -- Ryan • (comments) • 28-Sep-2010 08:44 PDT
<intercept-url pattern="/(.)+/Special\:(.)+\=NurDV" access="ROLE_ABT_DV" /> <intercept-url pattern="/(.)+/NurDV/(.)+" access="ROLE_ABT_DV" />