1 Aug
2008
1 Aug
'08
7:46 p.m.
On Fri, Aug 1, 2008 at 6:22 PM, Vincent Massol <vincent(a)massol.net> wrote:
On Aug 1, 2008, at 6:17 PM, Thomas Mortagne wrote:
[snip]
It's not a limitation, just configuration. As I said, If you don't
have "ldap_dn=dn" in xwiki.authentication.ldap.fields_mapping the DN
is never stored so you don't have the problem. But maybe the default
value of wiki.authentication.ldap.fields_mapping has to be changed.
I found what is the problem: It's not your
configuration, by default
XWiki store the DN in the user's profile (with the "ldap_dn=dn" in
xwiki.authentication.ldap.fields_mapping property) to speed up the DN
search. The problem is that it will always use the first DN used for a
user even the user moved in LDAP server.
So what you can do to fix it:
- for existing users in XWiki: edit the user's profile page using
object editor and change the value of the property ldap_dn (LDAP DN).
Set the new DN or just blank it to let XWiki update it.
- if you plan to move LDAP users regularely: remove the "ldap_dn=dn"
from xwiki.authentication.ldap.fields_mapping property to avoid LDAP
user DN storage.
This looks like an important XWiki limitation isn't it?
I guess moving users in LDAP is a pretty common thing and we should
probably not request admins to edit related XWiki users objects. That
doesn't sound right.
WDYT?
Thanks
-Vincent
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne