On Fri, Aug 1, 2008 at 7:54 PM, Vincent Massol <vincent(a)massol.net> wrote:
On Aug 1, 2008, at 7:46 PM, Thomas Mortagne wrote:
On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol <vincent(a)massol.net> wrote:
On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote:
[snip]
I found what the problem is: it's not your configuration. By default XWiki stores the DN in the user's profile (with "ldap_dn=dn" in the xwiki.authentication.ldap.fields_mapping property) to speed up the DN search. The problem is that it will always use the first DN used for a user, even if the user has moved in the LDAP server.
So what you can do to fix it:
- for existing users in XWiki: edit the user's profile page using the object editor and change the value of the property ldap_dn (LDAP DN). Set the new DN or just blank it to let XWiki update it.
- if you plan to move LDAP users regularly: remove "ldap_dn=dn" from the xwiki.authentication.ldap.fields_mapping property to avoid LDAP user DN storage.
This looks like an important XWiki limitation, doesn't it?
I guess moving users in LDAP is a pretty common thing and we should probably not request admins to edit related XWiki user objects. That doesn't sound right.
It's not a limitation, just configuration. As I said, if you don't have "ldap_dn=dn" in xwiki.authentication.ldap.fields_mapping, the DN is never stored, so you don't have the problem. But maybe the default value of xwiki.authentication.ldap.fields_mapping has to be changed.
I understand, but cannot we do better? It looks a bit like magic and the parameter name doesn't reflect the behavior and the dangerousness associated with it.
This has worked like that since the first old LDAP authenticator and it's the first time someone has reported that it's an issue, AFAIK...
Anyway, maybe a new parameter "userDN_constant=true/false" or something like that would be better. Or we completely remove this way to get the DN.
Also I don't see the use cases where this parameter could be used?
(unless your LDAP is read only which is probably pretty rare).
You are maybe right, I really don't know as I pretty much never used LDAP for personal needs.
Thanks
-Vincent
--
Thomas Mortagne
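
The caching behaviour discussed in this thread, as an added example that is not part of any message above and is not XWiki's code: a small Python model of a stored `ldap_dn` going stale after a user is moved, with the two workarounds from the thread. The directory contents, the function names and the `verify_cached` option are assumptions made for illustration.

```python
# Constructed model of the behaviour described in this thread; not XWiki code.
# The directory is a dict keyed by DN; the user name and DNs are made up.

def search_dn(directory, uid):
    """Full search by uid (the slow path the stored DN is meant to avoid)."""
    for dn, entry in directory.items():
        if entry["uid"] == uid:
            return dn
    return None


def resolve_dn(directory, profile, uid, store_dn=True, verify_cached=False):
    """Return the DN to use for the user, or None if it no longer resolves.

    store_dn      -- models having "ldap_dn=dn" in the fields mapping
    verify_cached -- hypothetical hardening: re-search when the stored DN is gone
    """
    cached = profile.get("ldap_dn") if store_dn else None
    if cached:
        if cached in directory:
            return cached
        if not verify_cached:
            return None          # stale DN is used as-is and no longer resolves
    dn = search_dn(directory, uid)
    if dn and store_dn:
        profile["ldap_dn"] = dn  # a blank or stale stored value gets refreshed
    return dn


def demo():
    old = "uid=jdoe,ou=Sales,dc=example,dc=org"
    new = "uid=jdoe,ou=Engineering,dc=example,dc=org"
    directory = {old: {"uid": "jdoe"}}
    profile = {}
    first = resolve_dn(directory, profile, "jdoe")      # first login stores old DN
    directory[new] = directory.pop(old)                 # user is moved in LDAP
    stale = resolve_dn(directory, profile, "jdoe")      # the reported problem
    no_store = resolve_dn(directory, {}, "jdoe", store_dn=False)
    verified = resolve_dn(directory, dict(profile), "jdoe", verify_cached=True)
    profile["ldap_dn"] = ""                             # admin blanks the property
    blanked = resolve_dn(directory, profile, "jdoe")
    return first, stale, no_store, verified, blanked, profile["ldap_dn"]


if __name__ == "__main__":
    print(demo())
```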