Re: [xwiki-users] XWiki and Kerberos SSO: authorization checks fail

Same happens with AppServerTrustedKerberosAuthServiceImpl - user gets created (I've checked in xwikidoc table), "edit" right is passed as parameter to createEmptyUser method (not sure where to check in the db if right has actually been applied), but still all the pages including main home page report error "You are not allowed to view this document or perform this action.". Maybe it has to do with fact that user is first created (automatically just by visiting) and only after that I import initial content (xwiki-enterprise-wiki-1.8-rc-1.xar). Authentication page in admin guide mentions authkerb.jar - this jar is nowhere to be found, but also seems not to be required. One other issue is if instead "empty" I configure "xwiki.authentication.createuser=ldap", when obtaining user details plugin wrongly tries to bind only with principal/username - binding with admin account then search should be tried as well, just like XWikiLDAPAuthServiceImpl seems to work/fallback to. If just "empty" user would work I'd be satisfied. I've checked out source but can not find what is wrong. Btw, source code doesn't look to be in good shape - XWiki class is huge, XWikiLDAPAuthServiceImpl has some important TODOs, XWikiRightServiceImpl's checkRight and hasAccessLevel methods are very long, lots of non externalized messages, magic values, ... Any thoughts on where to look for solution to this access rights issue would be appreciated. Thanks in advance! Regards, Stevo. On Thu, Feb 26, 2009 at 5:21 PM, Stevo Slavić <sslavic(a)gmail.com> wrote: