Hi, Having XWiki 1.0B3, I ran into 3 issues around LDAP (we use Novell eDirectory). Before, I would like to say that XWiki runs fine against eDirectory through the LDAP interface! (It was a little bit tricky to set up and it would be great if someone could write up some more detailed documentation on it.) Here are the configuration parameter that I used: xwiki.authentication.ldap=1 xwiki.authentication.ldap.authclass=com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl xwiki.authentication.ldap.server=dsmaster xwiki.authentication.ldap.check_level=1 xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.base_DN=department=USER,department=INFORMATIK,department=1230,o=MP xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.UID_attr=uid .... 1. In our LDAP structure (about 2000 employees) the users that should have access to XWiki are in multiple department nodes in the LDAP structure. Thus, I cannot specify a single pattern of the kind cn={0},department=USER,department=INFORMATIK,department=1230,o=MP for authentication. How could I specify users from different departments to have access to XWiki? (E.g. can I specify multiple xwiki.authentication.ldap.bind_DN lines?) 2. We cannot allow ALL users in the LDAP structure to have access to XWiki. We would like to specify an LDAP group for all users that have access to XWiki. How could we configure this? Our eDirectory allows annonymous browsing. (It is not the probably harder issue that we would want to use a LDAP groups for page access rights. I am talking about the simpler issues of just controlling the list of users that have access to XWiki from an identity system behind LDAP.) 3. Current behavior is, that 1. I can login with a user/pwd authenticated against LDAP/eDirectory. If the user does not already exist in XWiki, the user appears to be created. 2. A user, created in XWiki CANNOT Login anymore, if he/she is not an LDAP user. (Why is that?) 3. The old passwords do not work anymore for users with a matching entry in XWiki and LDAP. (ok) Why can't I add user per hand if I use LDAP? This would at least allow some Workaround for some departments. Can I hope for XWiki 1.0 to include the handling of an LDAP group for authentication? I have read a blog mentioning LDAP group support being planned for 1.0. Is this still the case? Regards, G Leeb ------------------------------------------------------------------------------- Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -------------------------------------------------------------------------------