tmortagne wrote:
If you just want the part which create a xwiki user from ldap
information you can look at XWikiLDAPAuthServiceImpl
(
http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/…)
to see how it does it and do the same. #createUserFromLDAP and
#updateUserFromLDAP methods which are both protected. You can also
look at #syncUser which take care of calling create or update.
I just suggested the cleaner way for your authenticator in the long term
IMO.
Maybe I haven't presented my issue clear enough, since I don't think you
quite understand what I'm after. Or, maybe you do and I'm just not grocking
your response.
let me try again :-) Our current authentication class will do the following:
- allow forms based login, if the wiki is accessed from outside the
application that creates the SSO login cookie.
- if the SSO login cookie exists, use the ID contained in the cookie to
validate the user against LDAP. note that the password is not checked,
since that has already been done by the containing application.
So, when a user signs in for the first time and accesses the wiki, the user
will be created in XWiki, and placed into the 'all users' group. On
subsequent logins, user information is updated from LDAP.
However, to properly configure groups to restrict access to various bits of
wiki content, the users all need to sign into the application first before I
can add them to the group, since searching as currently implemented does NOT
search ldap; rather, it searches the local user database.
I need to have user searching go against LDAP directly, so the restriction
of forcing users to sign into the application first is not required.
I hope that explains what I'm trying to do.
--
View this message in context:
http://n2.nabble.com/Custom-authentication%2C-LDAP-configuration-tp3031494p…
Sent from the XWiki- Users mailing list archive at
Nabble.com.