On Sat, Jun 6, 2009 at 6:56 AM, tmortagne (via Nabble) <
ml-user+47511-112540235@n2.nabble.com<ml-user%2B47511-112540235@n2.nabble.com>
wrote:
> Hi,
>
> On Fri, Jun 5, 2009 at 18:33,
Andawyr<andawyr@...<http://n2.nabble.com/user/SendEmail.jtp?type=node&node=3035230&i=0>>
wrote:
> >
> > We've configured our XWiki instance to use a custom authentication plugin
> to
> > authenticate via a secure logon cookie. When the user signs in,
> information
> > pertaining to the user is fetched from Active Directory; note that this
> is
> > done as part of the plugin, and does not access A/D via XWiki.
> >
> > However, the side effect of this change is that a user has to access
> XWiki
> > once to get created in the local user space so they can then be added to
> the
> > various groups that have been created in the wiki. This is inconvenient
> at
> > best, and I would like to fix this.
> >
> > I found an interesting script in this post:
> >
> >
http://n2.nabble.com/LDAP---importing-users-td506206.html#a506207
> >
> > that provides a script to query LDAP via XWiki, and populate the local
> user
> > store with all A/D users.
> >
> > My question is: can I configure XWiki to use both the custom
> authentication
> > plugin, *and* configure LDAP access so I can use the above script to
> > populate the database?
> >
> > If the above doesn't work, I can create a perl script that will generate
> a
> > script that I can put into a Wiki page, but that's not as nice as having
> a
> > canned script available the wiki that I can run at the click of a mouse.
> >
>
> What you can do is extends the XWikiLDAPAuthServiceImpl authenticator,
> do your custom part and let it do the LDAP part. All the methods are
> protected so you can easily modify some parts of it's behavior if you
> need. That way your custom authenticator is called but it can use the
> XWiki standard LDAP authenticator (which will use the same
> configuration it would use if it was the "main" authenticator) as a
> tool.
So, just to be clear, this will perform user searches directly against
LDAP? Will there be any harm to manually inserting people into the XWiki
user store ahead of implementing the new LDAP auth service class? I need to
get users using the wiki asap, and I can't wait until I have the new auth
service class implemented....
If you just want the part which create a xwiki user from ldap
information you can look at XWikiLDAPAuthServiceImpl
(
)
to see how it does it and do the same. #createUserFromLDAP and
#updateUserFromLDAP methods which are both protected. You can also
look at #syncUser which take care of calling create or update.
I just suggested the cleaner way for your authenticator in the long term IMO.
--
View this message in context:
http://n2.nabble.com/Custom-authentication%2C-LDAP-configuration-tp3031494p…
Sent from the XWiki- Users mailing list archive at
Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users