[
http://jira.xwiki.org/jira/browse/XWIKI-1079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thomas Mortagne updated XWIKI-1079:
-----------------------------------
Description:
Implementation of a substitude LDAP authentication class.
The new features and changes:
- Separate LDAP login and authentication validation
- An LDAP group membership is first checked before a user can be authenticated
against LDAP
- LDAP Groups are handled recursivly (groups in groups)
- LDAP Groups and their members are cached with an expiration
- LDAP attributes can update XWiki user attributes configurable at create time
or on every login
- LDAP group membership can be sync'ed with XWiki group membership
- If authentication with LDAP fails it still will try to authenticate against
the XWiki DB
- detailed comments in xwiki.cfg
- pretty much every detail of the behavior can be configured in xwiki.cfg
- All valuable features from the old LDAPAuthServiceImpl are reimplemented
(except for LDAP bind being sufficent for login implemented by the check_level
configuration)
- Any LDAP attribute can be used containing the XWiki name
- Added SSL support
- Each virtual server can have it's own LDAP configuration even enable disable
LDAP
This has been tested against OpenLDAP, Novell eDirectory and ApacheDS.
I would like to ask for a code-read, verification of how the module is using
the XWiki APIs and testing in various environments.
Most of all, I am looking for feedback.
was:
I have finished the implementation of a substitude LDAP authentication class.
The new features and changes:
- Separate LDAP login and authentication validation
- An LDAP group membership is first checked before a user can be authenticated
against LDAP
- LDAP Groups are handled recursivly (groups in groups)
- LDAP Groups and their members are cached with an expiration
- LDAP attributes can update XWiki user attributes configurable at create time
or on every login
- LDAP group membership can be sync'ed with XWiki group membership
- If authentication with LDAP fails it still will try to authenticate against
the XWiki DB
- detailed comments in xwiki.cfg
- pretty much every detail of the behavior can be configured in xwiki.cfg
- as far as I can see, all valuable features from the old LDAPAuthServiceImpl
are reimplemented (except for LDAP bind being sufficent for login implemented
by the check_level configuration)
- I have tried to implement all the feature requests about LDAP that I have
heard about
- any LDAP attribute can be used containing the XWiki name
Known Issues:
- joining an XWiki group or removing someone from a group does not appear to
work correctly
- creating a user appears incomplete to me
I tested against OpenLDAP and Novell eDirectory.
I would like to ask for a code-read, verification of how the module is using
the XWiki APIs and testing in various environments.
Most of all, I am looking for feedback.
This is not a final version!
Updated issue description
> LDAP Authentication
> -------------------
>
> Key: XWIKI-1079
> URL: http://jira.xwiki.org/jira/browse/XWIKI-1079
> Project: XWiki Core
> Issue Type: Improvement
> Components: Admin, Authentication and Rights Management, Plugin -
> Other, Wiki features
> Affects Versions: 1.0 B6
> Reporter: Gunter Leeb
> Assigned To: Thomas Mortagne
> Fix For: 1.3 M2
>
> Attachments: 20080207-new_ldap_auth.patch,
> 20080208-new_ldap_auth.patch, 20080211-new_ldap_auth.patch,
> 20080212-new_ldap_auth.zip, ldap.zip, LDAPAuthenticater.class,
> LDAPAuthenticater.java, LDAPAuthenticater.java, LDAPAuthenticater.java,
> new_ldap_auth.patch, ssl.zip, XWiki.zip
>
>
> Implementation of a substitude LDAP authentication class.
> The new features and changes:
> - Separate LDAP login and authentication validation
> - An LDAP group membership is first checked before a user can be
> authenticated against LDAP
> - LDAP Groups are handled recursivly (groups in groups)
> - LDAP Groups and their members are cached with an expiration
> - LDAP attributes can update XWiki user attributes configurable at create
> time or on every login
> - LDAP group membership can be sync'ed with XWiki group membership
> - If authentication with LDAP fails it still will try to authenticate against
> the XWiki DB
> - detailed comments in xwiki.cfg
> - pretty much every detail of the behavior can be configured in xwiki.cfg
> - All valuable features from the old LDAPAuthServiceImpl are reimplemented
> (except for LDAP bind being sufficent for login implemented by the
> check_level configuration)
> - Any LDAP attribute can be used containing the XWiki name
> - Added SSL support
> - Each virtual server can have it's own LDAP configuration even enable
> disable LDAP
> This has been tested against OpenLDAP, Novell eDirectory and ApacheDS.
> I would like to ask for a code-read, verification of how the module is using
> the XWiki APIs and testing in various environments.
> Most of all, I am looking for feedback.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications
