Hi Maxime,
Maxime Mathieu wrote:
Hi,
I have applied the last section of this doc
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCa…
you).
So, in theory, users are created only in the main wiki. And it is the
desired behavior.
First of all, allow me what could be a silly question: *virtual wiki*
and *subwiki* are used as synonyms? Local and main wiki are also used
indistinctly? I think Local is used as "relative" concept both in the
main and virtual wikis to express that an user or a group is defined in
its database. Thus, I think it will be better to use *main wiki* for the
"master", even though I prefer the the old wary: the controller, and
*virtual wikis* for any other wiki in the farm. In fact sub wiki could
be not appropriate for a number or reasons. For instance, here we have
some virtual wikis that are far from being considered as a sub-group of
the controller.
In brief: I would like to propose to use *controller* and *virtual
wikis* as the advised way of calling both type of wikis. WDYT? Thanks!
But in fact, an admin can create a local user (not
connected to the LDAP) in
a subwiki. It is what I have done only to test the Meta-G feature.
If you know how to prevent local user creation, I'm interested.
No idea, sorry. I've not faced this kind of challenges yet. What I
understand here is that you want to have virtual wikis administrators
that won't be able to create local users, am I right? This will be
welcome also here.
More about my configuration :
Users don't have the right to read the main wiki (except their profil page,
of course).
Only users are imported from the LDAP, the groups are xwiki groups.
Here groups in the directory service are used for many other different
things. So, for us, groups in the farm and in the directory service must
be synchronized. In fact, this is a feature we are planning to develop.
Well, patronize its development! I am far from being able to develop
such a thing! Now, users and groups can be synchronized with directory
service contains, but that is not true the other way round. For
instance: if an user changes its telephone number in the his/her wiki
profile, the change won't propagate to the directory.
Please, why do you use XWiki groups?
The
principle to manage the rights of a subwiki is that the subwiki
administrator creates local group and inserts global users in it.
I get your point, but as stated before, groups for us have a lot of
different uses in the directory service. I've not tried yet how LDAP
properties set at virtual wiki level behave. I will keep this thread, or
created new ones if required, updated about this issue.
BTW, does global user selector work for you when editing local groups in
virtual wikis? It doesn't show any result for me.
Cheer!
Ricardo
--
Ricardo Rodríguez
CTO
eBioTIC.
Life Sciences, Data Modeling and Information Management Systems