On Mon, Apr 20, 2009 at 14:20, Thomas Mortagne
<thomas.mortagne(a)xwiki.com> wrote:
  Hi Laurent,
 This is a bug, I think: by default, bind is used to validate user
 credentials (AFAIK that's the only way that works for all LDAP
 servers) and it should rebind to the proxy after that.
 But you can force LDAP authenticator to use simple user/pass data
 comparison instead of bind using option
 xwiki.authentication.ldap.validate_password=1
 xwiki.authentication.ldap.password_field=<password field name>
 where <password field name> is the name of the field containing the password.
 On Mon, Apr 20, 2009 at 12:27, ratso rizo <ratso.rizo(a)gmail.com> wrote:
  Hi,
 We are facing an issue integrating XWiki against our enterprise LDAP
 directories.
 The fact is that we can't implement the LDAP group-mapping feature
 (xwiki.authentication.ldap.group_mapping)
 because xwiki tries to retrieve groups members using the xwiki
 logged/authenticated user
 who has no access right on the LDAP groups entries.
 That's why we configured xwiki to use a "proxy" ldap account
 (ldap_dn/ldap_pass) which has
 the required access privileges to query the whole ldap.
 But unfortunately, Xwiki binds first using this proxy account and
 then binds again using the logged user credentials before
 actually searching for the mapped groups members.
 Please find below the ldap requests made by xwiki I caught using a network
 sniffer tool:
 1. xwiki binds against the ldap server using the "proxy" account
 (bind_dn/bind_pass)
 2. xwiki gets all members of the "ldap.user_group" xwiki parameter (it works
 since still connected with the proxy account)
 3. xwiki binds using the credentials provided by the user
 4. xwiki searches for the user information (ldap.fields_mapping)
 5. xwiki gets the "ldap.group_mapping" members --> returns no entry
 Unfortunately, we are not in charge of the ldap servers administration and we
 are not able to change
 their configuration and grant read access on the groups entries to all the
 users.
 Is there any parameter to force xwiki to perform ldap queries (except to
 authenticate the user) using the
 proxy account (credential defined in ldap_dn/ldap_pass)?
 XWiki should bind first using the user's credentials to authenticate the user
 and then perform
 all other required ldap requests using the proxy account.
 We are currently evaluating the last stable release 1.8 (but this applies to
 previous releases as well) and
 group mapping feature is highly needed.
 Any help will be greatly welcome.
 Thank you in advance.
 Regards,
 Laurent
 --
 Thomas Mortagne
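
Added example (not part of the original thread and not XWiki code): a small in-memory model of the bind order reported in the capture next to the order both posters say it should be, showing why the group search comes back empty. The DNs, passwords, ACL and function names are constructed sample data and hypothetical names.

```python
# Constructed in-memory stand-in for an LDAP server; every DN, password and
# ACL entry here is made-up sample data, not a real directory or XWiki code.
PROXY_DN = "cn=proxy,dc=example,dc=org"
USER_DN = "uid=laurent,ou=people,dc=example,dc=org"
GROUP_DN = "cn=wiki-admins,ou=groups,dc=example,dc=org"
PASSWORDS = {PROXY_DN: "proxy-secret", USER_DN: "user-secret"}
GROUPS = {GROUP_DN: [USER_DN]}
GROUP_READERS = {PROXY_DN}  # ACL: only the proxy account may read groups


class FakeLdapConnection:
    """One connection; searches run as whoever bound last."""

    def __init__(self):
        self.bound_dn = None

    def bind(self, dn, password):
        ok = PASSWORDS.get(dn) == password
        # A failed bind leaves the connection anonymous, never the old identity.
        self.bound_dn = dn if ok else None
        return ok

    def group_members(self, group_dn):
        if self.bound_dn not in GROUP_READERS:
            return []  # server hides entries the bound DN cannot read
        return list(GROUPS.get(group_dn, []))


def login_observed(user_dn, password):
    """Order from the capture: proxy bind, user bind, then group search."""
    conn = FakeLdapConnection()
    conn.bind(PROXY_DN, PASSWORDS[PROXY_DN])
    if not conn.bind(user_dn, password):
        return None
    return conn.group_members(GROUP_DN)  # still bound as the user


def login_with_rebind(user_dn, password):
    """Bind as the user only to check the password, then rebind to the proxy."""
    # Reject empty passwords up front: many servers treat a simple bind with
    # a DN and no password as an unauthenticated bind and report success.
    if not password:
        return None
    conn = FakeLdapConnection()
    if not conn.bind(user_dn, password):
        return None  # authentication failed; no proxy lookups are made
    if not conn.bind(PROXY_DN, PASSWORDS[PROXY_DN]):
        raise RuntimeError("proxy bind failed")
    return conn.group_members(GROUP_DN)
```

Both functions return None for a failed login and the list of mapped group members otherwise; only the second returns the members when the user cannot read group entries.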