I have performed the following steps:
* Installed the LDAP Admin Application on the subwiki.
* Changed the LDAP BASE_DN to point to a different location than the main wiki (OU=Accounting,OU=myBranch,OU=All Users,DC=mycompanyt,DC=com) as opposed to (OU=All Users,DC=mycompanyt,DC=com) on the main.
* Created a new group in my AD called "maintenance_wiki" that has a membership of users that I wish to authenticate against (as there is the odd user that I want to authenticate that will not reside in the OU=Accounting,OU=myBranch,OU=All Users,DC=mycompanyt,DC=com branch).
* Changed the "Restricted To Group" setting in the LDAP application to point
to my new maintenance_wiki group.
* Restarted the tomcat services.
After turning LDAP logging on and performing some tests it appears that if I log on with a
user that does not exist in the "maintenance_wiki" group it will next try to
authenticate using the Main Wiki's search DN as opposed to the more granular one that
I have defined in the Subwiki. So instead of getting an "Invalid Credentials"
message, which I was hoping for, it instead creates the user in the main wiki and lets the
user into the subwiki with the message "ERROR you are not allowed to view this
document or perform this action".
What I was hoping would happen is that the subwiki would only authenticate users from the
search DN defined in the subwiki or that belong in the group that I defined, and not
create accounts for users that exist in the main wiki's search DN. Is this possible?
Kelly Steinke
Software Developer/System Support
STEEL-CRAFT DOOR PRODUCTS LTD.
13504 St. Albert Trail
Edmonton, AB T5L 4P4
Bus: 780.453.3761 ext.3310
Fax: 780.454.1584
Toll Free: 1.800.463.3667
www.steel-craft.ca
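One way to audit the accounts that end up in the subwiki against the scope described in the message above (inside the Accounting base DN, or a member of maintenance_wiki). This is an added example, not part of the original thread and not XWiki code; the group's DN, the sample accounts and the function names are assumptions, and the input is assumed to be an export of login, DN and group memberships from the directory.

```python
# Base DN is the one quoted in the thread; everything else here is constructed.
SUBWIKI_BASE_DN = "OU=Accounting,OU=myBranch,OU=All Users,DC=mycompanyt,DC=com"
# Assumed DN: the thread gives only the group's name, not where it lives.
ALLOWED_GROUP_DN = "CN=maintenance_wiki,OU=Groups,DC=mycompanyt,DC=com"

def parse_dn(dn):
    """Split a DN on unescaped commas; return normalised (attr, value) RDNs."""
    parts, escaped = [""], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("")
            continue
        parts[-1] += ch
        escaped = (ch == "\\") and not escaped
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn lies strictly below base_dn (whole-RDN suffix match)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) > len(base) and entry[-len(base):] == base

def in_scope(account, base_dn=SUBWIKI_BASE_DN, group_dn=ALLOWED_GROUP_DN):
    """Policy from the message: under the subwiki base DN OR in the group."""
    _login, dn, member_of = account
    group = parse_dn(group_dn)
    in_group = any(parse_dn(g) == group for g in member_of)
    return in_group or in_subtree(dn, base_dn)

def out_of_scope(accounts):
    """Logins that should not have been provisioned in the subwiki."""
    return [acct[0] for acct in accounts if not in_scope(acct)]

# Constructed sample export: (login, DN, memberOf list).
ACCOUNTS = [
    ("jsmith", "CN=Smith\\, Jane,OU=Accounting,OU=myBranch,OU=All Users,DC=mycompanyt,DC=com", []),
    ("mlee", "cn=M Lee,ou=accounting,ou=mybranch,ou=all users,dc=mycompanyt,dc=com", []),
    ("bfitter", "CN=Bob Fitter,OU=Shop,OU=myBranch,OU=All Users,DC=mycompanyt,DC=com", [ALLOWED_GROUP_DN]),
    ("tsales", "CN=Tom Sales,OU=Sales,OU=otherBranch,OU=All Users,DC=mycompanyt,DC=com", []),
]

if __name__ == "__main__":
    print(out_of_scope(ACCOUNTS))
```

The last sample account sits under the main wiki's base DN but outside both the Accounting OU and the group, which is the case the message describes as being let in.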
----- Original Message -----
From: "Thomas Mortagne" <thomas.mortagne(a)xwiki.com>
To: "XWiki Users" <users(a)xwiki.org>
Sent: Tuesday, December 31, 2013 12:27:47 AM
Subject: Re: [xwiki-users] subwiki ldap authentication
Yes you have only one xwiki.cfg which contains the default
configuration for each wiki but "You can also setup the LDAP
configuration in the XWiki.XWikiPreferences page by going to the
object editor. Simply replace xwiki.authentication.ldap. with ldap_.
For example xwiki.authentication.ldap.base_DN becomes ldap_base_DN."
You can install
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP+Application
which is doing exactly that (modifying XWikiPreferences page) in the
wikis you want to modify.
On Tue, Dec 31, 2013 at 12:52 AM, Kelly Steinke <ksteinke(a)steel-craft.ca> wrote:
Hi all,
I just recently upgraded to 5.3 and have now created a sub wiki for the first time. My
main wiki is configured to authenticate using LDAP and has a base search DN set to an OU
called "AllUsers". In Active Directory the AllUsers OU contains several sub
OUs which separate users according to branch, department etc. Having the LDAP set up
to search the AllUsers OU allows for anyone in our company to use the main wiki by logging
in with their network credentials and works great.
When I created the sub wiki, I went through the wizard and selected to only have local
users be available in it, as this sub wiki is to be used and administrated by a specific
department only. What I would like to achieve now is to have the users of the sub wiki be
authenticated using a different search base than that of the main wiki (aka the OU that
contains only users for that department).
So instead of using the following, which is defined in the xwiki.cfg:
xwiki.authentication.ldap.base_DN=OU=All Users,DC=mycompanyt,DC=com
The sub wiki would use this for authentication:
xwiki.authentication.ldap.base_DN=OU=Accounting,OU=myBranch,OU=All Users,DC=mycompanyt,DC=com
I read in the documentation "Use cases of configuration to authenticate users with
LDAP" that each wiki in a multiwiki environment can have its own LDAP configuration,
however I am unable to determine how to do this, as there is only one xwiki.cfg file that
contains my LDAP configuration and there is no mention of any LDAP settings in the
xwiki.preferences page of the sub wiki.
Any help is greatly appreciated!
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne