Question

I recently had some questions answered at LockedOutOfWeb regarding TWiki accounts versus local authentication, and how to map between the two.

This works fine for local users who already have existing TWiki accounts. But what about local users who don't yet have TWiki accounts? How does one grant these individuals permissions to webs/topics, if they don't have TWiki accounts? They can view the TWiki after logging in locally. Must they in fact register for a TWiki account to do any editing?

Is there a generic user/account that can be added to web and group permission pages?

Environment

-- JohnDeStefano - 16 Nov 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

I assume with local account you mean external authentication agains LDAP or AD? Unregistered users will be able to login into TWiki. They even can create and edit topics, but their signatures will be like Main.jsmith instead of Main.JohnSmith. You could also add their login names to TWiki groups so that they can access restricted content.

A good way is to gently push unregistered users to register before editing content or accessing restricted content. I wrote a RedirectRegisterPlugin for a client that exactly does that; I am curently waiting for legal to have it released to the community.

-- PeterThoeny - 17 Nov 2006

Yes: we're authenticating local users with Kerberos and mapping them to existing TWiki names on the TWikiUsers topic.

In this case, the user didn't yet have a TWiki account. I added his local user name to TWikiUsers, but he said he couldn't edit the pages. So I created a TWiki account for him and mapped the local name to his new TWiki name, and he showed me the following error that he got:

TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.
Died

Then I checked the TWiki warn logs and saw this perl error:

| 16 Nov 2006 - 15:01 | Died at /usr/lib/perl5/5.8.5/CGI/Carp.pm line 314.
 at /usr/lib/perl5/5.8.5/CGI/Carp.pm line 314
        CGI::Carp::realdie('undef') called at /usr/lib/perl5/5.8.5/CGI/Carp.pm line 385
        CGI::Carp::die() called at /var/www/twiki/lib/TWiki/Users/HtPasswdUser.pm line 262       TWiki::Users::HtPasswdUser::setEmails('TWiki::Users::HtPasswdUser=HASH(0x8770610)', 'undef', 'username@email.address') called at /var/www/twiki/lib/TWiki/User.pm line 346
        TWiki::User::setEmails('TWiki::User=HASH(0x902e068)', 'username@email.address') called at /var/www/twiki/lib/TWiki/UI/Register.pm line 802
        TWiki::UI::Register::finish('TWiki=HASH(0x876f5c4)', '/var/www/twiki/data/RegistrationApprovals') called at /var/www/twiki/lib/TWiki/UI/Register.pm line 97
        TWiki::UI::Register::register_cgi('TWiki=HASH(0x876f5c4)') called at /var/www/twiki/lib/TWiki/UI.pm line 109
        TWiki::UI::__ANON__() called at /var/www/twiki/lib/CPAN/lib///Error.pm line 379
        eval {...} called at /var/www/twiki/lib/CPAN/lib///Error.pm line 371
        Error::subs::try('CODE(0x9228514)', 'HASH(0x9294218)') called at /var/www/twiki/lib/TWiki/UI.pm line 158
        TWiki::UI::run('CODE(0x8917c64)') called

-- JohnDeStefano - 17 Nov 2006

Unfortunately the user still can't edit content. I tried deleting the user's Main topic page from More topic Actions so he could start over, but when I click Delete, nothing happens (as if the button were inactive).

I then manually deleted the user's topic and version file from the file system, and from the web permissions group. I now I get this error when I try to re-register him:

 You are already registered
You cannot register twice, the name '%PARAM1%' is already registered.
Did you want to reset %PARAM1%'s password?

-- JohnDeStefano - 17 Nov 2006

It looks like there are two bugs lurking: One for register error, one for unresolved %PARAM1% in error message. I suggest to file bugs in Bugs:WebHome.

Sitenote: 9 month after the TWiki 4 release we still have a too high bug rate; the TWiki community has some serious work to do to bring TWiki 4 at the level of "few or no bugs for production releases" as described in the TWikiMission. My personal goal is to bring TWiki 4 at least to the level of stability of the Sep 2004 release.

As a workaround, try to add the user's login name to the Set GROUP list in your group topic.

-- PeterThoeny - 17 Nov 2006

That workaround seems to work. Thanks Peter. I've opened a bug report.

-- JohnDeStefano - 28 Nov 2006

See RequireRegistrationPlugin.

-- PeterThoeny - 28 Jul 2007