• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5705: freshly created user is denied access because LdapContrib old cache file

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Extension LdapContrib Low Waiting for Feedback TWiki:Main.AivoJurgenson n/a  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


When TWiki user authorization is based on the LDAP groups and LdapContrib is configured to cache the LDAP groups for some time and in the meanwhile new user is created to the LDAP directory, this new user is denied access to TWiki pages, because LdapContrib cache file doesn't contain information about the new user groups membership.

Workaround is to remove the twiki/working/work_areas/LdapContrib/cache.db file and then try to access the wiki page again. LdapContrib creates new cache.db file from fresh LDAP directory information and the users is then allowed access.

Nicer and more correct solution would be to query LDAP directory for updates in case the current cache file doesn't contain information about the user, but the authentication has succeeded, therefore the user must be valid user.

-- TWiki:Main.AivoJurgenson - 16 Jun 2008

Right. What is your $TWiki::cfg{LoginManager} setting?

If you are using the TWiki::LoginManager::TemplateLogin manager, LdapContrib does check if this user is known or not and will refresh this particular record if needed. If you are using TWiki::LoginManager::ApacheLogin, try TWiki::LoginManager::LdapApacheLogin instead. This class adds exactly the check you described to the original ApacheLogin class. Did this work out for you?

-- TWiki:Main.MichaelDaum - 17 Jun 2008

Oh, thanks for this tip, I wasn't aware of this LdapApacheLogin manager. We'll try it out and will update this item.

-- TWiki:Main.AivoJurgenson - 18 Jun 2008

Summary freshly created user is denied access because LdapContrib old cache file
ReportedBy TWiki:Main.AivoJurgenson
Codebase 4.2.0
SVN Range TWiki-5.0.0, Sun, 01 Jun 2008, build 16865
AppliesTo Extension
Component LdapContrib
Priority Low
CurrentState Waiting for Feedback
WaitingFor TWiki:Main.AivoJurgenson

TargetRelease n/a

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r3 - 2008-06-18 - AivoJurgenson
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback