Hi everyone,
I have here the solution to all LDAP feature requests (at least the ones
I know of).
It's been submitted as JIRA issue XWIKI-1079.
This component is a substitute for
com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl
and is configured primarily through xwiki.cfg.
The new features and changes:
- Separate LDAP login and authentication validation
- An LDAP group membership is first checked before a user is
authenticated against LDAP
- LDAP Groups are handled recursively (groups in groups)
- LDAP Groups and their members are cached with an expiration
- LDAP attributes can update XWiki user attributes configurable at
create time or on every login
- LDAP group membership can be sync'ed with XWiki group membership
- If authentication with LDAP fails it still will try to authenticate
against the XWiki DB
- detailed comments in xwiki.cfg
- pretty much every detail of the behavior can be configured in
xwiki.cfg
- as far as I can see, all valuable features from the old
LDAPAuthServiceImpl are reimplemented (except for LDAP bind being
sufficient for login implemented by the check_level configuration) - I
used as much code from this class as possible.
- I have tried to implement all the feature requests about LDAP that I
have heard about
- any LDAP attribute can be used representing the XWiki's user name
Known Issues:
- joining an XWiki group or removing someone from a group does not
appear to work correctly
- creating a user appears incomplete to me
I tested against OpenLDAP and Novell eDirectory.
I would need help from experienced XWiki developers.
I would like to ask for a code-read, verification of how the module is
using the XWiki APIs and testing in various environments.
Most of all, I am looking for feedback and tips to finish up this
module.
Regards,
Gunter