[xwiki-users] Users created through admin options have dual authentication when LDAP is on
2 Feb
2011
2 Feb
'11
12:36 a.m.
Hi,
I added my LDAP users to Xwiki manually one by one through the Xwiki
Administration form, I did that so I can add them to their corresponding
groups so they have their correct user rights since their first login.
When creating a new user through the form, the password is mandatory, so I
copy/pasted the user in the password field (e.g.: user jsmith and password
jsmith as well).
Then when I asked the user to login, she could login correctly, but then I
thought maybe I should try to login using the password I set on the form,
and oh surprise, it logged in too!, is this the correct behavior or did I do
something wrong here?
I need users to login only when entering their ldap password, not their
xwiki password.
Thanks in advance.
JC
2 Feb
2 Feb
12:53 a.m.
New subject: [xwiki-users] Fwd: Users created through admin options have dual authentication when LDAP is on
Ooops!, I forgot, I'm using xwiki-enterprise-web-2.5.1
I have authentication class set like follows:
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
---------- Forwarded message ----------
From: Juan Carlos Vizueta <jvizueta(a)gmail.com>
Date: Tue, Feb 1, 2011 at 6:36 PM
Subject: Users created through admin options have dual authentication when
LDAP is on
To: users(a)xwiki.org
Hi,
I added my LDAP users to Xwiki manually one by one through the Xwiki
Administration form, I did that so I can add them to their corresponding
groups so they have their correct user rights since their first login.
When creating a new user through the form, the password is mandatory, so I
copy/pasted the user in the password field (e.g.: user jsmith and password
jsmith as well).
Then when I asked the user to login, she could login correctly, but then I
thought maybe I should try to login using the password I set on the form,
and oh surprise, it logged in too!, is this the correct behavior or did I do
something wrong here?
I need users to login only when entering their ldap password, not their
xwiki password.
Thanks in advance.
JC
10:27 a.m.
New subject: [xwiki-users] Fwd: Users created through admin options have dual authentication when LDAP is on
Hi Juan,
I encounter the same question and my answer is different.
In do not create the user, I just add it in the groups without using the
wizard, just typing XWiki.login where login is the LDAP login of the user.
Hope this help.
Maxime
2011/2/2 Juan Carlos Vizueta <jvizueta(a)gmail.com>
Ooops!, I forgot, I'm using
xwiki-enterprise-web-2.5.1
I have authentication class set like follows:
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
---------- Forwarded message ----------
From: Juan Carlos Vizueta <jvizueta(a)gmail.com>
Date: Tue, Feb 1, 2011 at 6:36 PM
Subject: Users created through admin options have dual authentication when
LDAP is on
To: users(a)xwiki.org
Hi,
I added my LDAP users to Xwiki manually one by one through the Xwiki
Administration form, I did that so I can add them to their corresponding
groups so they have their correct user rights since their first login.
When creating a new user through the form, the password is mandatory, so I
copy/pasted the user in the password field (e.g.: user jsmith and password
jsmith as well).
Then when I asked the user to login, she could login correctly, but then I
thought maybe I should try to login using the password I set on the form,
and oh surprise, it logged in too!, is this the correct behavior or did I
do
something wrong here?
I need users to login only when entering their ldap password, not their
xwiki password.
Thanks in advance.
JC
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
4:06 p.m.
New subject: [xwiki-users] Fwd: Users created through admin options have dual authentication when LDAP is on
Thank you for your kind answer. OK, I deleted users created using form, but
it seems like they don't get deleted in the database.
For example, let's say I delete user jsmith, then when John Smith tries to
login, a new user is created, not jsmith, but jsmith_1, that's driving me
nuts, how do I avoid that? I know that it must be because user jsmith
already has a history in the documents modified by him that must be
preserved, but I don't want some users to have the "_1" and some others
not.
(I don't have a list of users deleted, so I don't know which users after
first login will be added the "_1")
One more thing, when I try to recreate user jsmith through the form, it says
it is already created, if I deleted the user jsmith, it means deleted, how
come it says it's still there?
Thanks in advance.
JC
On Wed, Feb 2, 2011 at 4:27 AM, Le Génie <le.genie.logiciel(a)gmail.com>wrote;wrote:
Hi Juan,
I encounter the same question and my answer is different.
In do not create the user, I just add it in the groups without using the
wizard, just typing XWiki.login where login is the LDAP login of the user.
Hope this help.
Maxime
2011/2/2 Juan Carlos Vizueta <jvizueta(a)gmail.com>
Ooops!, I forgot, I'm using
xwiki-enterprise-web-2.5.1
I have authentication class set like follows:
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
---------- Forwarded message ----------
From: Juan Carlos Vizueta <jvizueta(a)gmail.com>
Date: Tue, Feb 1, 2011 at 6:36 PM
Subject: Users created through admin options have dual authentication
when
LDAP is on
To: users(a)xwiki.org
Hi,
I added my LDAP users to Xwiki manually one by one through the Xwiki
Administration form, I did that so I can add them to their corresponding
groups so they have their correct user rights since their first login.
When creating a new user through the form, the password is mandatory, so
I
copy/pasted the user in the password field (e.g.:
user jsmith and
password
jsmith as well).
Then when I asked the user to login, she could login correctly, but then
I
thought maybe I should try to login using the
password I set on the form,
and oh surprise, it logged in too!, is this the correct behavior or did I
do
something wrong here?
I need users to login only when entering their ldap password, not their
xwiki password.
Thanks in advance.
JC
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
7:28 p.m.
Hi Juan,
If you really want to create users prior to their first login via LDAP
authentication, creating the user from the administration is not
enough. You must add an XWiki.LDAPProfileClass object to the user
document, which precises the LDAP uid of the user.
If you don't do that, a new user will be created when the person
connects for the first time. This is for example what happened with
your users jssmith_1, etc.
I have contributed an extension to allow automatic LDAP
synchronization (at night for example), so admins that want to give
access rights to their LDAP users don't have to create them manually.
You can find it here
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP+Tools
The synchronization feature only works starting with XWiki Enterprise
3.0 (not released yet). Though I can provide a built jar to drop in
for 2.7 if anyone is interested.
Jerome.
On Wed, Feb 2, 2011 at 12:36 AM, Juan Carlos Vizueta <jvizueta(a)gmail.com> wrote:
Hi,
I added my LDAP users to Xwiki manually one by one through the Xwiki
Administration form, I did that so I can add them to their corresponding
groups so they have their correct user rights since their first login.
When creating a new user through the form, the password is mandatory, so I
copy/pasted the user in the password field (e.g.: user jsmith and password
jsmith as well).
Then when I asked the user to login, she could login correctly, but then I
thought maybe I should try to login using the password I set on the form,
and oh surprise, it logged in too!, is this the correct behavior or did I do
something wrong here?
I need users to login only when entering their ldap password, not their
xwiki password.
Thanks in advance.
JC
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
3 Feb
3 Feb
2:11 p.m.
On Wed, Feb 2, 2011 at 19:28, Jerome Velociter <jerome(a)xwiki.com> wrote:
Hi Juan,
If you really want to create users prior to their first login via LDAP
authentication, creating the user from the administration is not
enough. You must add an XWiki.LDAPProfileClass object to the user
document, which precises the LDAP uid of the user.
If you don't do that, a new user will be created when the person
connects for the first time. This is for example what happened with
your users jssmith_1, etc.
This is because without this object LDAP authenticator has no way to
know that it's supposed to overwrite this perfectly valid XWiki user
so it create a new one to be safe.
I have contributed an extension to allow automatic LDAP
synchronization (at night for example), so admins that want to give
access rights to their LDAP users don't have to create them manually.
You can find it here
http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP+Tools
The synchronization feature only works starting with XWiki Enterprise
3.0 (not released yet). Though I can provide a built jar to drop in
for 2.7 if anyone is interested.
Jerome.
On Wed, Feb 2, 2011 at 12:36 AM, Juan Carlos Vizueta <jvizueta(a)gmail.com> wrote:
--
Thomas Mortagne
Hi,
I added my LDAP users to Xwiki manually one by one through the Xwiki
Administration form, I did that so I can add them to their corresponding
groups so they have their correct user rights since their first login.
When creating a new user through the form, the password is mandatory, so I
copy/pasted the user in the password field (e.g.: user jsmith and password
jsmith as well).
Then when I asked the user to login, she could login correctly, but then I
thought maybe I should try to login using the password I set on the form,
and oh surprise, it logged in too!, is this the correct behavior or did I do
something wrong here?
I need users to login only when entering their ldap password, not their
xwiki password.
Thanks in advance.
JC
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
5071
days inactive
5073
days old
5 comments
4 participants
participants (4)
-
Jerome Velociter -
Juan Carlos Vizueta -
Le Génie -
Thomas Mortagne