When TWiki user authorization is based on the LDAP groups and LdapContrib
is configured to cache the LDAP groups for some time and in the meanwhile new user is created to the LDAP directory, this new user is denied access to TWiki pages, because LdapContrib
cache file doesn't contain information about the new user groups membership.
Workaround is to remove the twiki/working/work_areas/LdapContrib/cache.db file and then try to access the wiki page again. LdapContrib
creates new cache.db file from fresh LDAP directory information and the users is then allowed access.
Nicer and more correct solution would be to query LDAP directory for updates in case the current cache file doesn't contain information about the user, but the authentication has succeeded, therefore the user must be valid user.
- 16 Jun 2008
Right. What is your
If you are using the
does check if this user is known or not and
will refresh this particular record if needed. If you are using
instead. This class adds exactly the check you described to the original
class. Did this work out for you?
- 17 Jun 2008
Oh, thanks for this tip, I wasn't aware of this LdapApacheLogin
manager. We'll try it out and will update this item.
- 18 Jun 2008