• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5634: CommentPlugin doesn't work with LdapContrib and LdapUserMapping enabled

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Extension LdapContrib Normal New MichaelDaum n/a  

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

When TWiki is set up with LdapContrib and LdapUserMapping, the COMMENT feature doesn't work. There is an error message that user doesn't have permissions to edit the topic, when user tries to submit a comment through the CommentPlugin.

It seems that CommentPlugin uses TWiki::Func::checkAccessPermission function to see, if the user has permission to submit comments and submits user's WikiName to this function. This function in turn uses findUserByWikiName to find out the cUID fo the user, but it seems that the LdapContrib never implemented this function in the LdapUserMapping package. Therefore the TWikiUserMapping package's findUserByWikiName gets use and because the user is not defined in the local user database nothing is found and fallback to default user "guest" is done somewhere in between.

Finally, user is denied access.

The workaround is to add the following code to the TWiki/Users/LdapUserMapping.pm, which implements the findUserByWikiName function. The example code definitely needs to be re-written for the real patch. 

---++ ObjectMethod findUserByWikiName ($wikiname) -> list of cUIDs 
associated with that wikiname

Called from TWiki::Users. See the documentation of the corresponding
method in that module for details. The $skipExistanceCheck parameter
is private to this module, and blocks the standard existence check
to avoid reading .htpasswd when checking group memberships).
=cut

sub findUserByWikiName {
        my( $this, $wikiName, $skipExistanceCheck ) = @_;
        $this->{ldap}->writeDebug("Called findUserByWikiname for $wikiName");
        my @users = ();
        if ($this->isGroup( $wikiName )) {
                push( @users, $wikiName);
        } else {
                my $userName = $this->lookupWikiName($wikiName);
                $this->{ldap}->writeDebug("userName for $wikiName is $userName");
                #my $cID = $this->getCanonicalUserID( $this, $userName );
                #push (@users, $cID);
                push (@users, $userName);
        }
        $this->{ldap}->writeDebug("returning $users[0]");
        return \@users;
}

-- TWiki:Main/AivoJurgenson - 15 May 2008

There's a different fix in Item5118. At least on my test machine the CommentPlugin works again, as well as other edit plugins like the EditTablePlugin.

-- TWiki:Main.MichaelDaum - 11 Jun 2008

ItemTemplate
Summary CommentPlugin doesn't work with LdapContrib and LdapUserMapping enabled
ReportedBy TWiki:Main.AivoJurgenson
Codebase 4.2.1
SVN Range TWiki-5.0.0, Sun, 04 May 2008, build 16770
AppliesTo Extension
Component LdapContrib
Priority Normal
CurrentState New
WaitingFor MichaelDaum
Checkins

TargetRelease n/a
ReleasedIn

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r3 - 2008-06-11 - MichaelDaum
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback