Currently, XWiki allows only one method of authentication to be enabled. This means that using LDAP disables the normal XWiki users.
This is an error in the architecture, and I vote for changing this. Instead of using only one authentication/rights mechanism, we should have a list. When trying to authenticate a user, all the registered authenticators should be used, until at least one correctly identifies the user.
This should be better planned, so that in the future no other changes should be made.
Sergiu
On 3/23/07, Gunter Leeb <
Gunter.Leeb@mediaprint.at> wrote:Hi,
Using XWiki 1.0B3.
After switching to using LDAP (using our eDirectory), the current user
access management behavior that I am seeing is, that
1. I can login with a user/pwd authenticated against
LDAP/eDirectory. If the user does not already exist in XWiki, the user
appears to be created.
2. A user, created in XWiki CANNOT Login anymore, if he/she is not
an LDAP user. (Why is that?)
3. The old passwords do not work anymore for users with a matching
entry in XWiki and LDAP. (ok)
Why can't I add user per hand if I use LDAP? This would at least allow
some Workaround for some other limitations and give the administrator a
way to allow users that for some reasons do not get an entry in the
LDAP.
Can I hope for XWiki 1.0 to include the handling of an LDAP group for
authentication?
I have read a blog mentioning LDAP group support being planned for
1.0.
Is this still the case?
Regards,
GLeeb
xwiki.authentication.ldap=1
xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
xwiki.authentication.ldap.server=dsmaster
xwiki.authentication.ldap.check_level=1
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.UID_attr=uid
--
http://purl.org/net/sergiu