[xwiki-users] Permission error changing profile photo with LDAP integration.
I have a user as a member of the XWikiAllGroup. When using the default authentication class, she is able to change her profile photo. When I use the XWikiLDAPAuthServiceImpl authclass to integrate with LDAP, she gets a permission error "You are not allowed to view this document or perform this action" when trying to change her photo. Are there any differences in how this permission is handled across the auth service implementations, or is it likely to be an LDAP group configuration error? Thanks, Peter
On Mon, Dec 15, 2008 at 12:59 PM, Peter Moran <[email protected]> wrote:
I have a user as a member of the XWikiAllGroup. When using the default authentication class, she is able to change her profile photo. When I use the XWikiLDAPAuthServiceImpl authclass to integrate with LDAP, she gets a permission error "You are not allowed to view this document or perform this action" when trying to change her photo. Are there any differences in how this permission is handled across the auth service implementations, or is it likely to be an LDAP group configuration error?
XWikiLDAPAuthServiceImpl use the same methods as the "classical" XWiki authentication to create a new user so you should have the same right configuration on the user profile. Then it add some more informations and synchronize groups membership but this part does not touch the user profile. Which version of XWiki are you using ? Is the user has explicit edit right on its profile page (use the "Edit" -> "Page access rights" UI) ?
Thanks, Peter _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne
Hi Thomas, Thanks for the response. I am using XWiki Enterprise 1.6.1.13621. The user has explicit edit right on its profile page, so the user appears to have been created as expected (btw, I don't have an "Edit" -> "Page access rights" menu option ?). In the logs, the following entry appears when I am using the XWikiLDAPAuthServiceImpl. This does _not_ appear when using the "classic" authentication. Is this relevant? Any suggestions welcome. 10:22:31,930 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiAuthServiceImpl - User xwiki:XWiki.tester is authentified 10:22:31,931 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiRightServiceImpl - Access has been denied for (xwiki:XWiki.tester,XWiki.tester,delete): global level (delete right must be explicit) Thanks, Peter On Tue, Dec 16, 2008 at 2:36 AM, Thomas Mortagne <[email protected]> wrote:
On Mon, Dec 15, 2008 at 12:59 PM, Peter Moran <[email protected]> wrote:
I have a user as a member of the XWikiAllGroup. When using the default authentication class, she is able to change her profile photo. When I use the XWikiLDAPAuthServiceImpl authclass to integrate with LDAP, she gets a permission error "You are not allowed to view this document or perform this action" when trying to change her photo. Are there any differences in how this permission is handled across the auth service implementations, or is it likely to be an LDAP group configuration error?
XWikiLDAPAuthServiceImpl use the same methods as the "classical" XWiki authentication to create a new user so you should have the same right configuration on the user profile.
Then it add some more informations and synchronize groups membership but this part does not touch the user profile.
Which version of XWiki are you using ? Is the user has explicit edit right on its profile page (use the "Edit" -> "Page access rights" UI) ?
Thanks, Peter _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
On Tue, Dec 16, 2008 at 12:41 AM, Peter Moran <[email protected]> wrote:
Hi Thomas,
Thanks for the response. I am using XWiki Enterprise 1.6.1.13621. The user has explicit edit right on its profile page, so the user appears to have been created as expected (btw, I don't have an "Edit" -> "Page access rights" menu option ?).
In the logs, the following entry appears when I am using the XWikiLDAPAuthServiceImpl. This does _not_ appear when using the "classic" authentication. Is this relevant? Any suggestions welcome.
10:22:31,930 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiAuthServiceImpl - User xwiki:XWiki.tester is authentified 10:22:31,931 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiRightServiceImpl - Access has been denied for (xwiki:XWiki.tester,XWiki.tester,delete): global level (delete right must be explicit)
Hmm so the problem seems to be delete and not edit, which should not be needed for profile edition. I will look into this. Is the user has explicit delete right with classical authentication ?
Thanks, Peter
On Tue, Dec 16, 2008 at 2:36 AM, Thomas Mortagne <[email protected]> wrote:
On Mon, Dec 15, 2008 at 12:59 PM, Peter Moran <[email protected]> wrote:
I have a user as a member of the XWikiAllGroup. When using the default authentication class, she is able to change her profile photo. When I use the XWikiLDAPAuthServiceImpl authclass to integrate with LDAP, she gets a permission error "You are not allowed to view this document or perform this action" when trying to change her photo. Are there any differences in how this permission is handled across the auth service implementations, or is it likely to be an LDAP group configuration error?
XWikiLDAPAuthServiceImpl use the same methods as the "classical" XWiki authentication to create a new user so you should have the same right configuration on the user profile.
Then it add some more informations and synchronize groups membership but this part does not touch the user profile.
Which version of XWiki are you using ? Is the user has explicit edit right on its profile page (use the "Edit" -> "Page access rights" UI) ?
Thanks, Peter _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne
Rights are the same for both authentication types (classical and ldap)- user has explicit edit right on their user page, other rights are unset. On Tue, Dec 16, 2008 at 8:20 PM, Thomas Mortagne <[email protected]> wrote:
On Tue, Dec 16, 2008 at 12:41 AM, Peter Moran <[email protected]> wrote:
Hi Thomas,
Thanks for the response. I am using XWiki Enterprise 1.6.1.13621. The user has explicit edit right on its profile page, so the user appears to have been created as expected (btw, I don't have an "Edit" -> "Page access rights" menu option ?).
In the logs, the following entry appears when I am using the XWikiLDAPAuthServiceImpl. This does _not_ appear when using the "classic" authentication. Is this relevant? Any suggestions welcome.
10:22:31,930 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiAuthServiceImpl - User xwiki:XWiki.tester is authentified 10:22:31,931 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiRightServiceImpl - Access has been denied for (xwiki:XWiki.tester,XWiki.tester,delete): global level (delete right must be explicit)
Hmm so the problem seems to be delete and not edit, which should not be needed for profile edition. I will look into this. Is the user has explicit delete right with classical authentication ?
Thanks, Peter
On Tue, Dec 16, 2008 at 2:36 AM, Thomas Mortagne <[email protected]> wrote:
On Mon, Dec 15, 2008 at 12:59 PM, Peter Moran <[email protected]> wrote:
I have a user as a member of the XWikiAllGroup. When using the default authentication class, she is able to change her profile photo. When I use the XWikiLDAPAuthServiceImpl authclass to integrate with LDAP, she gets a permission error "You are not allowed to view this document or perform this action" when trying to change her photo. Are there any differences in how this permission is handled across the auth service implementations, or is it likely to be an LDAP group configuration error?
XWikiLDAPAuthServiceImpl use the same methods as the "classical" XWiki authentication to create a new user so you should have the same right configuration on the user profile.
Then it add some more informations and synchronize groups membership but this part does not touch the user profile.
Which version of XWiki are you using ? Is the user has explicit edit right on its profile page (use the "Edit" -> "Page access rights" UI) ?
Thanks, Peter _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
I have the same problem, my wiki installation is XWiki Enterprise 1.7.1. Thomas, do you recommend get the latest development build? Peter Moran-2 wrote:
Rights are the same for both authentication types (classical and ldap)- user has explicit edit right on their user page, other rights are unset.
On Tue, Dec 16, 2008 at 8:20 PM, Thomas Mortagne <[email protected]> wrote:
On Tue, Dec 16, 2008 at 12:41 AM, Peter Moran <[email protected]> wrote:
Hi Thomas,
Thanks for the response. I am using XWiki Enterprise 1.6.1.13621. The user has explicit edit right on its profile page, so the user appears to have been created as expected (btw, I don't have an "Edit" -> "Page access rights" menu option ?).
In the logs, the following entry appears when I am using the XWikiLDAPAuthServiceImpl. This does _not_ appear when using the "classic" authentication. Is this relevant? Any suggestions welcome.
10:22:31,930 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiAuthServiceImpl - User xwiki:XWiki.tester is authentified 10:22:31,931 [http://myserver/xwiki/bin/edit/XWiki/tester?xpage=changemyavatar] [TP-Processor2] INFO xwiki.XWikiRightServiceImpl - Access has been denied for (xwiki:XWiki.tester,XWiki.tester,delete): global level (delete right must be explicit)
Hmm so the problem seems to be delete and not edit, which should not be needed for profile edition. I will look into this. Is the user has explicit delete right with classical authentication ?
Thanks, Peter
On Tue, Dec 16, 2008 at 2:36 AM, Thomas Mortagne <[email protected]> wrote:
On Mon, Dec 15, 2008 at 12:59 PM, Peter Moran <[email protected]> wrote:
I have a user as a member of the XWikiAllGroup. When using the default authentication class, she is able to change her profile photo. When I use the XWikiLDAPAuthServiceImpl authclass to integrate with LDAP, she gets a permission error "You are not allowed to view this document or perform this action" when trying to change her photo. Are there any differences in how this permission is handled across the auth service implementations, or is it likely to be an LDAP group configuration error?
XWikiLDAPAuthServiceImpl use the same methods as the "classical" XWiki authentication to create a new user so you should have the same right configuration on the user profile.
Then it add some more informations and synchronize groups membership but this part does not touch the user profile.
Which version of XWiki are you using ? Is the user has explicit edit right on its profile page (use the "Edit" -> "Page access rights" UI) ?
Thanks, Peter _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- View this message in context: http://n2.nabble.com/Permission-error-changing-profile-photo-with-LDAP-integ... Sent from the XWiki- Users mailing list archive at Nabble.com.
participants (4)
-
Peter Moran -
Peter Moran -
Thomas Mortagne -
Villas82