On Tue, Oct 12, 2010 at 12:03, Piotr
Dziubecki<deepres(a)man.poznan.pl> wrote:
W dniu 10-10-12 11:41, Thomas Mortagne wrote:
> On Tue, Oct 12, 2010 at 11:12, Piotr Dziubecki<deepres(a)man.poznan.pl>
wrote:
>> Hi,
>>
>> I'm testing the ldap features of xwiki and have a question regarding
importing /registering new user.
>>
>> I managed to setup ldap authentication with user import and group mapping. The
question is connected with
>> this configuration flag:
>>
>> #-# Specifies the LDAP attribute containing the identifier to be used as the
XWiki name (default=cn)
>> xwiki.authentication.ldap.UID_attr=mail
>>
>>
>> What I would achieve is a user authentication with his mail/password ( which is
pretty common nowadays ).
>>
>> It works with ldap and after a successful authentication with i.e.
>> mail = bruno(a)7cogs.com,
>>
>> a new user is created with the following value:
>>
>> username = bruno@7cogscom
>>
>> I assume that the 'dot' is not allowed to be used in the username string
?
>
> It's not really a user name limitation but the fact that the user id
> is the user profile page name which not does yet fully support dot.
>
>>
>> In my scenario there will be also a need for registering new users in a
traditional (xwiki ) way but it
>> seems to be impossible to provide a mail as a username ( even though the client
side validation seems to not
>> complain about that initially ):
>>
>> Invalid username provided. Please use only letters from the latin alphabet,
numbers, and the underscore
>> character.
>
> That's because the UI to create users is over precautionnous and does
> not allow anny "special" character.
>
> Do you really need your "normal" XWiki user name to contain a @ ?
Not really, what I want is to have a possibility to choose a field against which user can
authenticate
himself ( of course, I understand that not every field is unique but email meets that
requirement ).
>
>>
>> Do you have any clues how to achieve that ? maybe it's possible to set a flag
in xwiki config similar to the
>> ldap solution ( identifier to be used as the XWiki name )..
>
> If what you want is to create a XWiki user and then link it to LDAP,
> the user id does not really matter. All you have to do is to add the
> same object LDAP users have and provide the proper uid and DN in that
> object.
That is a solution, but in my case i have different users, one group with their user
credentials stored in
the LDAP and another group which will exist only in Wiki. For both of them I would like
to have a uniform
authentication policy ( mail/password ). Currently this method is the most popular one (
google, facebook
etc. ) and this is the reason of my queries.
Ok i understand now, sorry impossible to use a mail as normal XWiki
user. LDAP authenticator is doing mapping hack to be able to support
anything bu with the limitation on pages names impossible to support
the same with standard users yet.
I'm just thinking that in fact for such an application we could design scenario like
this:
1. user registers himself in xwiki with a regular username, mail and other necessary
data.
2. admin sets an option to select a user e-mail as an identifier to be used as the XWiki
login
3. user tries to login to the portal with email/password, system search for the username
mapped to that
email and tries to authenticate user with provider password.
This is more or less the idea I'm talking about :)