Hi all. I have a need to determine group membership based on criteria defined outside
xwiki, and wondering if anyone has done this, or can at least suggest a direction.
We have criteria for groups defined in LDAP, such things as your department or things like
that. I would like to be able to say that for a specific space, only people in so-and-so
department are allowed in. However department should be only one criteria; in general I
want to use an LDAP search the queries on an arbitrary set of attributes. In addition we
have something called "Bluegroups", in which you can define a group name and
then specify the members through either picking members individually, or again through an
LDAP search.
To do this, my idea was that the user would manually create an XWiki group, and then as a
member give something like "ldap:(dept=HTV)", or maybe "bluegroups:Support
team". Even better would be the ability to put a value such as this in the Access
Rights, under group, but I don't think things are setup that way. Anyway, looking at
the API, it seems like I need to implement listGroupsForUser(), which is difficult because
the group members are not stored in the db. I'm left with querying all the members
which begin with "ldap:" or "bluegroups:", determing which the user is
a member of via an LDAP call, and then returning them. I could cache these, but since
I'm not going to get notifications of group membership changes, I would need to
invalidate the cache once a day or something like that.
Does this seem like the most reasonable way of doing things? Or is there something that
would make my life really easy and wonderful? Thanks in advance ...
shawn.