Question

I seem to have locked an entire organization out of one of our main TWiki webs! We've implemented apache authentication so that anyone hitting the TWiki site must first be authenticated against a local list of users (recent hacks have forced us to do this), and that seemed fine. But somehow one of the Webs has dropped off the visible list, and I can't log into TWiki as anything but my apache name (we haven't figured out the apache-to-TWiki user mapping yet), so I can't get into the WebPreferences topic and mae it visible. I've even resorted to editing the topic file in plain text on the server, but there's been no change in availability... DENYWEBVIEW was set to null, and ALLOWWEBVIEW was set to the Nobody group. In text, I've changed ALLOWWEBVIEW to include a bunch of user groups, but the change hasn't taken. How can I get it back?

Environment

-- JohnDeStefano - 23 Oct 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

You set the visibility of a web with the NOSEARCHALL setting in the WebPreferences.

The ALLOWWEBVIEW seeting in the WebPreferences determines who can look at the web's content, regardless of the visibility status (such as typing a URL directly).

To test a TWiki group, create a topic in the Sandbox web, lock it down for edit with a Set ALLOWTOPICCHANGE = Main.FooBarGroup, and try to edit. Assimung te user is not be part of the TWikiAdminGroup, she can't edit the topic.

If you are using login names that are not WikiWords make sure that the user mapping is enabled in configure, and that the mapping matrix is listed properly in the Main.TWikiUsers topic.

-- PeterThoeny - 23 Oct 2006

Thank you Peter. The NOSEARCHALL variable was set to (null), and I've added a bunch of groups to ALLOWWEBVIEW, but I'm still getting "Access Denied" messages when I try to view the Web. Of course, I've had to do this via editing the topic as text in the file system, since I can't get into the Web itself in TWiki.

User mapping is enabled in configure (MapUserToWikiName)... what is the proper format or syntax for mapping between local authentication and TWiki accounts in TWikiUsers? I tried appending

-- JohnDeStefano - 24 Oct 2006

I assume I'm getting the syntax wrong, since TWiki displays my local user name instead of my wiki name, even when I click Log Out (nothing changes). If I close my browser, I'm prompted for my local login, and I can log in with that, and I can't access the TWiki without it... which, I think, means that local authentication is working, but unfortunately, TWiki user mapping is not.

-- JohnDeStefano - 24 Oct 2006

OK, maybe I'm not asking the right questions...

I see some information here: http://twiki.org/cgi-bin/view/TWiki/TWikiUserAuthentication#TWiki_Username_vs_Login_Username "TWiki can automatically map an Intranet (Login) Username to a TWiki Username if the {AllowLoginName} is enabled in configure. The default is to use your WikiName as a login name."

In my configure, {Register}{AllowLoginName} is enabled, as well as {MapUserToWikiName}. But in order to map existing TWiki user accounts to their corresponding local account, where do I set their corresponding REMOTE_USER values?

-- JohnDeStefano - 24 Oct 2006

Fix entries in your TWikiUsers to look like this:

   * JohnSmith - jsmith - 25 Oct 2006

-- PeterThoeny - 25 Oct 2006

That's it?!?! Wow, I can't believe it's that simple! Thank you. Is this documented anywhere?

-- JohnDeStefano - 25 Oct 2006

I guess it's documented now, isn't it. Thanks.

-- JohnDeStefano - 03 Nov 2006