15 Jun
2009
15 Jun
'09
10:11 a.m.
On Tue, Jun 9, 2009 at 17:10, Andawyr<andawyr(a)gmail.com> wrote:
tmortagne wrote:
Yes now i understand ;)
So what you need is that group admin UI look at LDAP also instead of
just XWiki (or at worst to synch all the LDAP users once), right ?
There is nothing like that in standard and i doubt it's easy to modify
the user/group UI to support other users "sources".
Note that if you know the users uids you can put them in the groups
even if the users does not exists yet. Simply add "XWiki.<ldapuid>"
(or xwiki:XWiki.userid) depending of your LDAP configuration in group.
Look at existing users ids in the group you want to edit to be sure.
If you just want the part which create a xwiki user from ldap
information you can look at XWikiLDAPAuthServiceImpl
(http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/…)
to see how it does it and do the same. #createUserFromLDAP and
#updateUserFromLDAP methods which are both protected. You can also
look at #syncUser which take care of calling create or update.
I just suggested the cleaner way for your authenticator in the long term
IMO.
Maybe I haven't presented my issue clear enough, since I don't think you
quite understand what I'm after. Or, maybe you do and I'm just not grocking
your response.
let me try again :-) Our current authentication class will do the following:
- allow forms based login, if the wiki is accessed from outside the
application that creates the SSO login cookie.
- if the SSO login cookie exists, use the ID contained in the cookie to
validate the user against LDAP. note that the password is not checked,
since that has already been done by the containing application.
So, when a user signs in for the first time and accesses the wiki, the user
will be created in XWiki, and placed into the 'all users' group. On
subsequent logins, user information is updated from LDAP.
However, to properly configure groups to restrict access to various bits of
wiki content, the users all need to sign into the application first before I
can add them to the group, since searching as currently implemented does NOT
search ldap; rather, it searches the local user database.
I need to have user searching go against LDAP directly, so the restriction
of forcing users to sign into the application first is not required.
I hope that explains what I'm trying to do.
--
View this message in context:
http://n2.nabble.com/Custom-authentication%2C-LDAP-configuration-tp3031494p…
Sent from the XWiki- Users mailing list archive at Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne