Item5634: CommentPlugin doesn't work with LdapContrib and LdapUserMapping enabled

pencil
Priority: Normal
Current State: No Action Required
Released In:
Target Release: n/a
Applies To: Extension
Component: LdapContrib
Branches:
Reported By: TWiki:Main.AivoJurgenson
Waiting For:
Last Change By: MichaelDaum
When TWiki is set up with LdapContrib and LdapUserMapping, the COMMENT feature doesn't work. There is an error message that user doesn't have permissions to edit the topic, when user tries to submit a comment through the CommentPlugin.

It seems that CommentPlugin uses TWiki::Func::checkAccessPermission function to see, if the user has permission to submit comments and submits user's WikiName to this function. This function in turn uses findUserByWikiName to find out the cUID fo the user, but it seems that the LdapContrib never implemented this function in the LdapUserMapping package. Therefore the TWikiUserMapping package's findUserByWikiName gets use and because the user is not defined in the local user database nothing is found and fallback to default user "guest" is done somewhere in between.

Finally, user is denied access.

The workaround is to add the following code to the TWiki/Users/LdapUserMapping.pm, which implements the findUserByWikiName function. The example code definitely needs to be re-written for the real patch.
---++ ObjectMethod findUserByWikiName ($wikiname) -> list of cUIDs 
associated with that wikiname

Called from TWiki::Users. See the documentation of the corresponding
method in that module for details. The $skipExistanceCheck parameter
is private to this module, and blocks the standard existence check
to avoid reading .htpasswd when checking group memberships).
=cut

sub findUserByWikiName {
        my( $this, $wikiName, $skipExistanceCheck ) = @_;
        $this->{ldap}->writeDebug("Called findUserByWikiname for $wikiName");
        my @users = ();
        if ($this->isGroup( $wikiName )) {
                push( @users, $wikiName);
        } else {
                my $userName = $this->lookupWikiName($wikiName);
                $this->{ldap}->writeDebug("userName for $wikiName is $userName");
                #my $cID = $this->getCanonicalUserID( $this, $userName );
                #push (@users, $cID);
                push (@users, $userName);
        }
        $this->{ldap}->writeDebug("returning $users[0]");
        return \@users;
}

-- TWiki:Main/AivoJurgenson - 15 May 2008

There's a different fix in Item5118. At least on my test machine the CommentPlugin works again, as well as other edit plugins like the EditTablePlugin.

-- TWiki:Main.MichaelDaum - 11 Jun 2008

Works fine by now.

-- MichaelDaum - 26 Aug 2009

ItemTemplate edit

Summary CommentPlugin doesn't work with LdapContrib and LdapUserMapping enabled
ReportedBy TWiki:Main.AivoJurgenson
Codebase
SVN Range TWiki-5.0.0, Sun, 04 May 2008, build 16770
AppliesTo Extension
Component LdapContrib
Priority Normal
CurrentState No Action Required
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn
Topic revision: r4 - 26 Aug 2009, MichaelDaum
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy