bogartlisa Posted September 12, 2013 Share Posted September 12, 2013 I recently upgraded from 5.0 to CE 5.2 and am having a few odd problems surrounding administrative capablitities:1.) I am configured for LDAP auth and when I log in with an external LDAP account to which I have perviously assigned the ROLE_ADMINISTRATOR role, I notice that the ROLE_ADMINISTRATOR role is removed from the set of roles assigned to this user (I see that the role is removed in the JIUserRole table) and this user cannot perform the needed administrative functions. I am forced to perform admin functions with one of the jasperserver internally defined userids which leads me to my next problem.2.) When I log in as the jasperadmin account that has the ROLE_ADMINISTRATOR role in IE9, I sometimes do not have the Manage or View menu options. Seems to work fine so far in Firefox. I did not notice this issue prior to upgrading to 5.2. Clearing my cache does not seem to resolve the problem. Sometimes the menu options appear and sometimes they do not. I have yet to identify why they sometimes display and other times do not. Thinking this could perhaps be related to sessions on the server??? Link to comment Share on other sites More sharing options...
elizam Posted September 12, 2013 Share Posted September 12, 2013 The rules around manual assignment of internal roles for external users changed from 5.1 to 5.2.General scenario: You have LDAP, you have a mapping that maps some external role or group in your LDAP to an internal role in JRS, in this case ROLE_ADMINISTRATOR. You can also manually assign ROLE_ADMINISTRATOR to an external user using the JRS interface. What happens if you remove the role in LDAP that maps to ROLE_ADMINISTRATOR in JRS? Or if you assign ROLE_ADMINISTRATOR to an external user that doesn't get it from your LDAP?5.1 and earlier: The role assigned in JRS wins. So if you get ROLE_ADMINISTRATOR from your LDAP once, it is not removed, even if later you remove the "precursor" in your LDAP. Also true of manual assignment.5.2: The role in LDAP wins. So if you remove the "precursor" in LDAP, or if the user never had it, ROLE_ADMINISTRATOR gets removed in JRS. Also true of manual assignment.This should only apply to roles that are configured in the context file. So one option would be to remove the mapping to ROLE_ADMINISTRATOR from your context file and assign the role manually. It should then stick.I have no idea where (2) is coming from. I suggest putting that in the tracker. Link to comment Share on other sites More sharing options...
maicotamanho Posted October 4, 2013 Share Posted October 4, 2013 Hello,I had the same problem when upgrading from version 5.1 to 5.2.Could circumvent the footsteps of the post below:http://community.jaspersoft.com/wiki/internal-role-mapped-externally-authenticate-active-directory-user-through-ldap-got-deleted Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now