29 Apr
2005
29 Apr
'05
11:28 a.m.
Hi Jiri,
Thanks for this
information.
What about using a template like in java.text.Format object for ldap_bind_DN
and ldap_bind_Password, user and password being parameters
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
This way we only use one parameter to define binding strategy.
In this case we still need to make a search to find DN in case we need to
create the user in XWiki. Or we can also use a simple format such as :
ldap_DN_format="CN={0},CN=Users,DC=domain,DC=com"
You're right, but in the future we may want to provide Xwiki > LDAP
synchronization
For mapping LDAP/AD groups to XWiki group, I kind of postponed this task as
it not so easy to provide a general LDAP solution. There is no memberOf
field in Open-LDAP for exemple, so in AD it is easier to find which groups a
user belong (using his memberOf field).
The fact I didn't only bind the user to check
the password is that in
some
case where directory structure is complex I
can't guess the DN out of the
user name...
Active directory allows more ways to authenticate user when binding:
- Distinguished Name (only works with simple bind)
- NT account name (domain\samAccountName) (always works with simple or
secure bind)
- UserPrincipalName (user(a)domain.com) (always works with simple or
secure bind IF it is defined; is not required attribute)
- sAMAcountName (user) (only works with AD secure bind) Anyway if in your case DN can be guessed out of
user name, I think not
setting ldap_bind_DN could do the trick
I cannot guess full DN because it consists of a company personal ID.
What I use is the domain\samAccountName way where samAccountName
equals to XWiki user name. Because the account name is combined name
DOMAIN + "\" + USERNAME it would be nice if there is a new parameter
introduced e.g. ldap_bind_addomain which will be then used when
constructing userDN before using in the Bind method.
Another problem of using a dedicated ldap_bind_DN (comparing to using
of the user's DN only) is the need to have a special system account on
AD which I can hardly imagine I will get it approved by our sys
admins.
And beside I'll investigate into adding proper
AD support (guess I'll
have
to install WS2003
I don't think there is another possibility than the introducing of a
SSL stack, which is unnecessary overhead if you need just
authentication and not changing of password, IMHO.
As I don't want to bind twice, I use
comparison of
password (so I don't really read password).
Even for this comparison I get "attribute not find" from AD. I also
was trying a more attributes names like "unicodePwd" but no success...
As for CreateUserFromLDAP, it's a very first
version, and I'm looking for
comments about it.
What would be interesting is to add a support of plugging custom
mapping logic. We will need it for extracting a substring of an LDAP
attribute and assigning user to a XWiki group based on LDAP grouping.
Thank you,
Jiri.
On Thu, 28 Apr 2005 22:35:08 +0200, you wrote:
Hi Jiri
The fact I didn't only bind the user to check the password is that in
some
case where directory structure is complex I
can't guess the DN out of the
user name, so I first need to make a search, binding anonymously or with
binding DN/password. As I don't want to bind twice, I use comparison of
password (so I don't really read password).
Anyway if in your case DN can be guessed out of user name, I think not
setting ldap_bind_DN could do the trick, maybe with some minor
modification
to the code. If you could send me the patch you
made I can find a way to
make it "clean".
And beside I'll investigate into adding proper AD support (guess I'll
have
to install WS2003).
As for CreateUserFromLDAP, it's a very first version, and I'm looking for
comments about it.
Alexis KARTMANN
email : alexis(a)kartmann.com
Blog : http://www.kartmann.com
ICQ : 258922616
Yahoo : akartmann
MSN : alexis(a)kartmann.com
AIM : alexkartmann
Jabber : akartmann(a)jabber.fr
Spype : alexkartmann
-----Message d'origine-----
De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Envoyé : jeudi 28 avril 2005 21:40
? : xwiki-dev(a)objectweb.org
Objet : Re: [xwiki-dev] LDAP integration status
Hi Alexis,
I'm testing the LDAP stuff with Active Directory and it is *almost*
working fine. ;-)
The problem is in LDAPAuthServiceImpl.checkUserPassword() when you try
to read "userPassword" in order to check the password. As I understood
from reading of various articles, Active Directory requires a strong
encryption even for a read-only access to the "userPassword"
("unicodePwd") attribute. Here are some links:
http://forum.java.sun.com/thread.jspa?threadID=592611&messageID=3100133
http://mail.jabber.org/pipermail/jadmin/2002-January/003278.html
Is there any specific reason why you cannot just simply rely on bind()
with either DN or username and password to authenticate the user? I
commented out the userPassword check and assigned return value of
Bind() method to the result (not using ldap_bind_DN at all) and it is
working fine.
Anyway, thanks for this piece of code (especially the newly committed
CreateUserFromLDAP() feature is cool).
Jiri.
On Wed, 27 Apr 2005 16:05:52 +0200, you wrote:
>Hi,
>I'm working on LDAP integration.
>The current status is:
>- Password can be checked against LDAP server using different
strategies.
>- User must exist in XWiki database.
>These functions are available for SVN version on openweb, but not of
latest
>binary release. I still need to provide
documentation on how-to use it.
>I have plans to had:
>- Automatic transfer of user from LDAP to XWiki first time a user
connects.
- Update
of user fields from LDAP to XWiki.
- Mass transfer/update from LDAP to XWiki.
If you're willing to build latest version I can provide you help testing
this on your environment. I only tested with Open-LDAP server and I'm
curious to learn how it works with other servers.
Alexis KARTMANN
email : alexis(a)kartmann.com
Blog : http://www.kartmann.com
Jabber : akartmann(a)jabber.fr
-----Message d'origine-----
De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Envoyé : mercredi 27 avril 2005 15:28
? : xwiki-dev(a)objectweb.org
Objet : [xwiki-dev] LDAP integration status
Hi,
as we plan to integrate XWiki user management with Active Directory in
our company, I'm curious what is the status of LDAP Integration. Is it
testable? If so, I would be happy to become a beta tester for this ;-)
Jiri.
29 Apr
29 Apr
1:16 p.m.
New subject: [xwiki-dev] LDAP integration status
What about using a template like in java.text.Format
object for ldap_bind_DN
and ldap_bind_Password, user and password being parameters
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
this is better...
This way we only use one parameter to define binding
strategy.
In this case we still need to make a search to find DN in case we need to
create the user in XWiki. Or we can also use a simple format such as :
ldap_DN_format="CN={0},CN=Users,DC=domain,DC=com"
This won't for us because the DN format in our AD is: "CN={lastname}
{firstname} {personalID},OU=Accounts,OU=All
Users,DC=ad,DC=company,DC=cz"
what about to allow to configure attribute=value pairs that will be
used for DN search? E.g ldap_DN_filter="AMAccountName=luzny_j"?
For mapping LDAP/AD groups to XWiki group, I kind of
postponed this task as
it not so easy to provide a general LDAP solution.
One more reason to allow to plug a custom mapping logic ;-)
On Fri, 29 Apr 2005 11:28:00 +0200, you wrote:
>Hi Jiri,
>>
>> >The fact I didn't only bind the user to check the password is that in
>> some
>> >case where directory structure is complex I can't guess the DN out of
the
>> >user name...
>>
>> Active directory allows more ways to authenticate user when binding:
>> - Distinguished Name (only works with simple bind)
>> - NT account name (domain\samAccountName) (always works with simple or
>> secure bind)
>> - UserPrincipalName (user(a)domain.com) (always works with simple or
>> secure bind IF it is defined; is not required attribute)
>> - sAMAcountName (user) (only works with AD secure bind)
>Thanks for this information.
>
>>
>>
>> >Anyway if in your case DN can be guessed out of user name, I think not
>> >setting ldap_bind_DN could do the trick
>>
>> I cannot guess full DN because it consists of a company personal ID.
>> What I use is the domain\samAccountName way where samAccountName
>> equals to XWiki user name. Because the account name is combined name
>> DOMAIN + "\" + USERNAME it would be nice if there is a new parameter
>> introduced e.g. ldap_bind_addomain which will be then used when
>> constructing userDN before using in the Bind method.
>> Another problem of using a dedicated ldap_bind_DN (comparing to using
>> of the user's DN only) is the need to have a special system account on
>> AD which I can hardly imagine I will get it approved by our sys
>> admins.
>>
What about using a template like in java.text.Format
object for ldap_bind_DN
and ldap_bind_Password, user and password being parameters
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
This way we only use one parameter to define binding strategy.
In this case we still need to make a search to find DN in case we need to
create the user in XWiki. Or we can also use a simple format such as :
ldap_DN_format="CN={0},CN=Users,DC=domain,DC=com"
>
>>
>> >And beside I'll investigate into adding proper AD support (guess
I'll
>> have
>> >to install WS2003
>>
>> I don't think there is another possibility than the introducing of a
>> SSL stack, which is unnecessary overhead if you need just
>> authentication and not changing of password, IMHO.
>>
>You're right, but in the future we may want to provide Xwiki > LDAP
>synchronization
>>
>> >As I don't want to bind twice, I use comparison of
>> >password (so I don't really read password).
>>
>> Even for this comparison I get "attribute not find" from AD. I also
>> was trying a more attributes names like "unicodePwd" but no success...
>>
>>
>> >As for CreateUserFromLDAP, it's a very first version, and I'm looking
for
>> >comments about it.
>>
>> What would be interesting is to add a support of plugging custom
>> mapping logic. We will need it for extracting a substring of an LDAP
>> attribute and assigning user to a XWiki group based on LDAP grouping.
>>
>For mapping LDAP/AD groups to XWiki group, I kind of postponed this task as
>it not so easy to provide a general LDAP solution. There is no memberOf
>field in Open-LDAP for exemple, so in AD it is easier to find which groups a
>user belong (using his memberOf field).
>>
>> Thank you,
>> Jiri.
>>
>>
1:52 p.m.
New subject: [xwiki-dev] LDAP integration status
-----Message d'origine-----
De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Envoyé : vendredi 29 avril 2005 13:20
À : xwiki-dev(a)objectweb.org
Objet : Re: [xwiki-dev] LDAP integration status
This could be done simply setting ldap_base_DN and ldap_UID_attr
ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
ldap_UID_attr = "sAMAccountName"
With the last version I just commit in SVN that support this syntax :
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
the only thing that need to be done is removing check on password.
Am I right ?
what about to allow to configure attribute=value
pairs that will be used
for DN search? E.g
ldap_DN_filter="AMAccountName=luzny_j"?
I meant: ldap_DN_filter="sAMAccountName={0}"
4:44 p.m.
New subject: [xwiki-dev] LDAP integration status
With the latest SVN code and setting ldap_check_level to 1 the
authentication works fine with AD!
Also testTransfertUserFromLDAP() runs correctly when
ldap_fields_mapping changed to "name=sAMAccountName,...".
Thank you very much,
Jiri.
On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
-----Message d'origine-----
De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Envoyé : vendredi 29 avril 2005 13:20
? : xwiki-dev(a)objectweb.org
Objet : Re: [xwiki-dev] LDAP integration status
This could be done simply setting ldap_base_DN and ldap_UID_attr
ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
ldap_UID_attr = "sAMAccountName"
With the last version I just commit in SVN that support this syntax :
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
the only thing that need to be done is removing check on password.
Am I right ?
what about to allow to configure attribute=value
pairs that will be used
for DN search? E.g
ldap_DN_filter="AMAccountName=luzny_j"?
I meant: ldap_DN_filter="sAMAccountName={0}"
4:51 p.m.
New subject: [xwiki-dev] LDAP integration status
Thanks a lot to you Jiri for the help and testing.. Alex with your help
has done a great job.
We'll be testing this for IRCAD next week on a real production
environnement.
Are you doing the same on your end ? If so, could you write a small
configuration documentation for Active Directory ?
Ludovic
Jiri Luzny a écrit :
With the latest SVN code and setting ldap_check_level
to 1 the
authentication works fine with AD!
Also testTransfertUserFromLDAP() runs correctly when
ldap_fields_mapping changed to "name=sAMAccountName,...".
Thank you very much,
Jiri.
On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
-----Message d'origine-----
De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
Envoyé : vendredi 29 avril 2005 13:20
? : xwiki-dev(a)objectweb.org
Objet : Re: [xwiki-dev] LDAP integration status
This could be done simply setting ldap_base_DN and ldap_UID_attr
ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
ldap_UID_attr = "sAMAccountName"
With the last version I just commit in SVN that support this syntax :
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
the only thing that need to be done is removing check on password.
Am I right ?
what about to allow to configure attribute=value
pairs that will be used
for DN search? E.g ldap_DN_filter="AMAccountName=luzny_j"?
I meant: ldap_DN_filter="sAMAccountName={0}"
8:34 a.m.
New subject: [xwiki-dev] LDAP integration status
Thanks Jiri for your support.
I just commited a new version with a fix for the small bug you just told me
on IRC : a non-set value of ldap conf shouldn't fire a null pointer
exception anymore.
Alexis KARTMANN
email : alexis(a)kartmann.com
Blog : http://www.kartmann.com
Jabber : akartmann(a)jabber.fr
-----Message d'origine-----
De : Ludovic Dubost [mailto:ludovic@xwiki.org]
Envoyé : vendredi 29 avril 2005 16:52
À : xwiki-dev(a)objectweb.org
Objet : Re: [xwiki-dev] LDAP integration status
Thanks a lot to you Jiri for the help and testing.. Alex with your help
has done a great job.
We'll be testing this for IRCAD next week on a real production
environnement.
Are you doing the same on your end ? If so, could you write a small
configuration documentation for Active Directory ?
Ludovic
Jiri Luzny a écrit :
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing
list.
With the latest SVN code and setting
ldap_check_level to 1 the
authentication works fine with AD!
Also testTransfertUserFromLDAP() runs correctly when
ldap_fields_mapping changed to "name=sAMAccountName,...".
Thank you very much,
Jiri.
On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
>
>
>>-----Message d'origine-----
>>De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
>>Envoyé : vendredi 29 avril 2005 13:20
>>? : xwiki-dev(a)objectweb.org
>>Objet : Re: [xwiki-dev] LDAP integration status
>>
>>
>>
>>>what about to allow to configure attribute=value pairs that will be
used
>
>
for DN search? E.g ldap_DN_filter="AMAccountName=luzny_j"?
I meant: ldap_DN_filter="sAMAccountName={0}"
This could be done simply setting ldap_base_DN and ldap_UID_attr
ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
ldap_UID_attr = "sAMAccountName"
With the last version I just commit in SVN that support this syntax :
ldap_bind_DN = "DOMAIN\\{0}"
ldap_bind_pass = "{1}"
the only thing that need to be done is removing check on password.
Am I right ?
To unsubscribe:
mailto:xwiki-dev-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
30 Apr
30 Apr
7:56 a.m.
New subject: [xwiki-dev] LDAP integration status
Hi Ludovic,
what I did was running testCheckLogonWithUserBind() and
testTransfertUserFromLDAP() tests against our real production AD.
On Monday next week I will try to fully integrate it to our production
XWiki instance and will write the small how-to.
Jiri.
I was running the
On Fri, 29 Apr 2005 16:51:57 +0200, you wrote:
Thanks a lot to you Jiri for the help and testing.. Alex with your help
has done a great job.
We'll be testing this for IRCAD next week on a real production
environnement.
Are you doing the same on your end ? If so, could you write a small
configuration documentation for Active Directory ?
Ludovic
Jiri Luzny a écrit :
>With the latest SVN code and setting ldap_check_level to 1 the
>authentication works fine with AD!
>Also testTransfertUserFromLDAP() runs correctly when
>ldap_fields_mapping changed to "name=sAMAccountName,...".
>
>Thank you very much,
>Jiri.
>
>On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
>
>
>
>>
>>
>>>-----Message d'origine-----
>>>De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
>>>Envoyé : vendredi 29 avril 2005 13:20
>>>? : xwiki-dev(a)objectweb.org
>>>Objet : Re: [xwiki-dev] LDAP integration status
>>>
>>>
>>>
>>>>what about to allow to configure attribute=value pairs that will be used
>>>>
>>>>
>>>for DN search? E.g ldap_DN_filter="AMAccountName=luzny_j"?
>>>
>>>I meant: ldap_DN_filter="sAMAccountName={0}"
>>>
>>>
>>>
>>>
>>This could be done simply setting ldap_base_DN and ldap_UID_attr
>>
>>ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
>>ldap_UID_attr = "sAMAccountName"
>>
>>With the last version I just commit in SVN that support this syntax :
>>ldap_bind_DN = "DOMAIN\\{0}"
>>ldap_bind_pass = "{1}"
>>the only thing that need to be done is removing check on password.
>>
>>Am I right ?
>>
>>
>>
>>
>
>
>
>
>
>------------------------------------------------------------------------
>
>
>--
>You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing list.
>To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
>For general help: mailto:sympa@objectweb.org?subject=help
>ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
>
2 May
2 May
6 p.m.
New subject: [xwiki-dev] LDAP integration status
you can find the small how-to here:
http://www.xwiki.org/xwiki/bin/view/Dev/LDAPIntegrationAD
Jiri.
On Sat, 30 Apr 2005 07:56:01 +0200, you wrote:
Hi Ludovic,
what I did was running testCheckLogonWithUserBind() and
testTransfertUserFromLDAP() tests against our real production AD.
On Monday next week I will try to fully integrate it to our production
XWiki instance and will write the small how-to.
Jiri.
I was running the
On Fri, 29 Apr 2005 16:51:57 +0200, you wrote:
Thanks a lot to you Jiri for the help and testing.. Alex with your help
has done a great job.
We'll be testing this for IRCAD next week on a real production
environnement.
Are you doing the same on your end ? If so, could you write a small
configuration documentation for Active Directory ?
Ludovic
Jiri Luzny a écrit :
>With the latest SVN code and setting ldap_check_level to 1 the
>authentication works fine with AD!
>Also testTransfertUserFromLDAP() runs correctly when
>ldap_fields_mapping changed to "name=sAMAccountName,...".
>
>Thank you very much,
>Jiri.
>
>On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
>
>
>
>>
>>
>>>-----Message d'origine-----
>>>De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
>>>Envoyé : vendredi 29 avril 2005 13:20
>>>? : xwiki-dev(a)objectweb.org
>>>Objet : Re: [xwiki-dev] LDAP integration status
>>>
>>>
>>>
>>>>what about to allow to configure attribute=value pairs that will be used
>>>>
>>>>
>>>for DN search? E.g ldap_DN_filter="AMAccountName=luzny_j"?
>>>
>>>I meant: ldap_DN_filter="sAMAccountName={0}"
>>>
>>>
>>>
>>>
>>This could be done simply setting ldap_base_DN and ldap_UID_attr
>>
>>ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
>>ldap_UID_attr = "sAMAccountName"
>>
>>With the last version I just commit in SVN that support this syntax :
>>ldap_bind_DN = "DOMAIN\\{0}"
>>ldap_bind_pass = "{1}"
>>the only thing that need to be done is removing check on password.
>>
>>Am I right ?
>>
>>
>>
>>
>
>
>
>
>
>------------------------------------------------------------------------
>
>
>--
>You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing list.
>To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
>For general help: mailto:sympa@objectweb.org?subject=help
>ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
>
11:41 p.m.
New subject: [xwiki-dev] LDAP integration status
Thanks a lot.. With the changes I made the other day, it is possible to
put the LDAP config on xwiki.cfg which allows not to have to edit the
XWiki.XWikiPreferences class.
Now I think I'm going to use the xwiki.authentication.ldap param to
automatically enhance the XWiki.XWikiPreferences class and add the
needed fields in the editprefs form.
Ludovic
Jiri Luzny a écrit :
you can find the small how-to here:
http://www.xwiki.org/xwiki/bin/view/Dev/LDAPIntegrationAD
Jiri.
On Sat, 30 Apr 2005 07:56:01 +0200, you wrote:
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
Hi Ludovic,
what I did was running testCheckLogonWithUserBind() and
testTransfertUserFromLDAP() tests against our real production AD.
On Monday next week I will try to fully integrate it to our production
XWiki instance and will write the small how-to.
Jiri.
I was running the
On Fri, 29 Apr 2005 16:51:57 +0200, you wrote:
------------------------------------------------------------------------
--
You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Thanks a lot to you Jiri for the help and
testing.. Alex with your help
has done a great job.
We'll be testing this for IRCAD next week on a real production
environnement.
Are you doing the same on your end ? If so, could you write a small
configuration documentation for Active Directory ?
Ludovic
Jiri Luzny a écrit :
>With the latest SVN code and setting ldap_check_level to 1 the
>authentication works fine with AD!
>Also testTransfertUserFromLDAP() runs correctly when
>ldap_fields_mapping changed to "name=sAMAccountName,...".
>
>Thank you very much,
>Jiri.
>
>On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
>
>
>
>
>
>>
>>
>>
>>
>>>-----Message d'origine-----
>>>De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
>>>Envoyé : vendredi 29 avril 2005 13:20
>>>? : xwiki-dev(a)objectweb.org
>>>Objet : Re: [xwiki-dev] LDAP integration status
>>>
>>>
>>>
>>>
>>>
>>>>what about to allow to configure attribute=value pairs that will be used
>>>>
>>>>
>>>>
>>>>
>>>for DN search? E.g ldap_DN_filter="AMAccountName=luzny_j"?
>>>
>>>I meant: ldap_DN_filter="sAMAccountName={0}"
>>>
>>>
>>>
>>>
>>>
>>>
>>This could be done simply setting ldap_base_DN and ldap_UID_attr
>>
>>ldap_base_DN = "OU=Accounts,OU=All Users,DC=ad,DC=company,DC=cz"
>>ldap_UID_attr = "sAMAccountName"
>>
>>With the last version I just commit in SVN that support this syntax :
>>ldap_bind_DN = "DOMAIN\\{0}"
>>ldap_bind_pass = "{1}"
>>the only thing that need to be done is removing check on password.
>>
>>Am I right ?
>>
>>
>>
>>
>>
>>
>
>
>
>------------------------------------------------------------------------
>
>
>--
>You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing list.
>To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
>For general help: mailto:sympa@objectweb.org?subject=help
>ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
>
>
>
3 May
3 May
8:48 a.m.
New subject: [xwiki-dev] LDAP integration status
Now I think I'm going to use the
xwiki.authentication.ldap param to
automatically enhance the XWiki.XWikiPreferences class and add the
needed fields in the editprefs form.
Good idea. Makes the initial setup easier while keeping only one place
for this kind of configuration (+ no need to restart when stored in DB
comparing to the config file).
On Mon, 02 May 2005 23:41:20 +0200, you wrote:
>
>Thanks a lot.. With the changes I made the other day, it is possible to
>put the LDAP config on xwiki.cfg which allows not to have to edit the
>XWiki.XWikiPreferences class.
Now I think I'm going to use the
xwiki.authentication.ldap param to
automatically enhance the XWiki.XWikiPreferences class and add the
needed fields in the editprefs form.
>
>Ludovic
>
>Jiri Luzny a écrit :
>
>>you can find the small how-to here:
>>http://www.xwiki.org/xwiki/bin/view/Dev/LDAPIntegrationAD
>>
>>Jiri.
>>
>>
>>On Sat, 30 Apr 2005 07:56:01 +0200, you wrote:
>>
>>
>>
>>>Hi Ludovic,
>>>
>>>what I did was running testCheckLogonWithUserBind() and
>>>testTransfertUserFromLDAP() tests against our real production AD.
>>>On Monday next week I will try to fully integrate it to our production
>>>XWiki instance and will write the small how-to.
>>>
>>>Jiri.
>>>
>>>I was running the
>>>
>>>On Fri, 29 Apr 2005 16:51:57 +0200, you wrote:
>>>
>>>
>>>
>>>>Thanks a lot to you Jiri for the help and testing.. Alex with your help
>>>>has done a great job.
>>>>We'll be testing this for IRCAD next week on a real production
>>>>environnement.
>>>>
>>>>Are you doing the same on your end ? If so, could you write a small
>>>>configuration documentation for Active Directory ?
>>>>
>>>>Ludovic
>>>>
>>>>Jiri Luzny a écrit :
>>>>
>>>>
>>>>
>>>>>With the latest SVN code and setting ldap_check_level to 1 the
>>>>>authentication works fine with AD!
>>>>>Also testTransfertUserFromLDAP() runs correctly when
>>>>>ldap_fields_mapping changed to "name=sAMAccountName,...".
>>>>>
>>>>>Thank you very much,
>>>>>Jiri.
>>>>>
>>>>>On Fri, 29 Apr 2005 13:52:02 +0200, you wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>-----Message d'origine-----
>>>>>>>De : Jiri Luzny [mailto:jiri.luzny@seznam.cz]
>>>>>>>Envoyé : vendredi 29 avril 2005 13:20
>>>>>>>? : xwiki-dev(a)objectweb.org
>>>>>>>Objet : Re: [xwiki-dev] LDAP integration status
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>what about to allow to configure attribute=value pairs
that will be used
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>for DN search? E.g
ldap_DN_filter="AMAccountName=luzny_j"?
>>>>>>>
>>>>>>>I meant: ldap_DN_filter="sAMAccountName={0}"
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>This could be done simply setting ldap_base_DN and ldap_UID_attr
>>>>>>
>>>>>>ldap_base_DN = "OU=Accounts,OU=All
Users,DC=ad,DC=company,DC=cz"
>>>>>>ldap_UID_attr = "sAMAccountName"
>>>>>>
>>>>>>With the last version I just commit in SVN that support this
syntax :
>>>>>>ldap_bind_DN = "DOMAIN\\{0}"
>>>>>>ldap_bind_pass = "{1}"
>>>>>>the only thing that need to be done is removing check on
password.
>>>>>>
>>>>>>Am I right ?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>------------------------------------------------------------------------
>>>>>
>>>>>
>>>>>--
>>>>>You receive this message as a subscriber of the
xwiki-dev(a)objectweb.org mailing list.
>>>>>To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
>>>>>For general help: mailto:sympa@objectweb.org?subject=help
>>>>>ObjectWeb mailing lists service home page:
http://www.objectweb.org/wws
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>
>>
>>
>>
>>------------------------------------------------------------------------
>>
>>
>>--
>>You receive this message as a subscriber of the xwiki-dev(a)objectweb.org mailing
list.
>>To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
>>For general help: mailto:sympa@objectweb.org?subject=help
>>ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>>
>>
7068
days inactive
7072
days old
10 comments
3 participants
participants (3)
-
Alexis KARTMANN -
Jiri Luzny -
Ludovic Dubost