On Thu, Oct 23, 2008 at 11:53 AM, Thomas Mortagne
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> Sorry to answer only now, I had lots of work and not that much with
> Internet access ;)
>
> On Tue, Oct 21, 2008 at 4:04 PM,  <[EMAIL PROTECTED]> wrote:
>> Hi Thomas,
>>
>> First I would congratulate you guys for such a powerful and top-of-mind tool 
>> like Xwiki. I'm the leader of the team here on my Company in Brazil (a Court 
>> government institute) that is implementing a wiki tool, and my first - and 
>> de-facto - choice was Xwiki. We're on ongoing works on it for integration 
>> with our AD infrastructure and it shows to be a complete and very powerful 
>> tool to fulfill our requirements.
>> This AD integration (and the ACLs Xwiki provides through AD imported 
>> groups) is the decisive feature for our needs. And on this subject, some 
>> questions came in mind. I've installed your last 1.6-SNAPSHOT, that corrects 
>> the bug regarding the AD authentication and seems to work (and log) well. 
>> But my question is about resetting the LDAP password through Xwiki. As I 
>> could notice, when I reset
>> a password from an AD user through the "Forgot your password" feature,
>> it doesn't reset the AD user password, but it resets (or creates?) the
>> user password only in the internal database.
>
> Yes XWiki does not write/modify anything in LDAP server and it has to
> remain like this IMO. But you are right there is a problem with
> "Forgot your password" feature that should be disabled for LDAP users
> on XWiki.
>
> I will investigate this, thanks for the report.

Ok so yes if the user or admin changes the user's profile password
there will be two ways to log in with this user, LDAP or the XWiki
"classical" way. But anyway only the user himself or an admin can change the
user's XWiki password so I will disable the "Forgot your password" feature
for users containing an LDAP object for now, that way the user will not make
the mistake.

In the meantime you can remove the page XWiki.ResetPassword to disable it.

>
>> The logs show that
>> it can't authenticate anymore on the LDAP, but it tries to log on the
>> Xwiki database and succeeds. Because of this, one can get two
>> out-of-sync working passwords: one through LDAP (and it permits that
>> his AD attributes be refreshed on every login - just what we need) and
>> another through Xwiki database, which does not provide LDAP attributes
>> refresh (once the authentication fails).
>> Does the last Xwiki 1.6 have this capability of password sync'ing? Is it a 
>> bug? I know for sure that this could be a serious security breach (once one 
>> knows the username of another, the LDAP password can be compromised). This 
>> leads to other questions and we'll touch on them later. My mail is too big 
>> already :-)
>>
>> By the way, I'm gonna provide the Brazilian Portuguese translation for the 
>> project :-)
>
> Great !
>
>> I'm looking forward to your response.
>> Thanks in advance,
>>
>> Ramon Gomes Brandão
>>
>
> I'm forwarding also in [email protected] mailing list as this can be
> interesting for anyone.
>
> --
> Thomas Mortagne
>



-- 
Thomas Mortagne
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
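
The two-password situation discussed in this thread, as an added example in Python (a model written for illustration, not XWiki code and not from either author). The class names, the `login_strict` hardening, the audit helper and the `jdoe` account are assumptions; the sample credentials are constructed.

```python
import hashlib, hmac, os

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Stand-in for the AD/LDAP bind (constructed data, no network)."""
    def __init__(self, creds):
        self.creds = creds
    def bind(self, user, password):
        return hmac.compare_digest(self.creds.get(user, ""), password)

class Wiki:
    def __init__(self, directory):
        self.directory = directory
        self.ldap_linked = set()  # profiles that carry an LDAP object
        self.local = {}           # user -> (salt, digest) in the wiki database

    def set_local_password(self, user, password):
        salt = os.urandom(16)
        self.local[user] = (salt, _digest(password, salt))

    def _local_ok(self, user, password):
        if user not in self.local:
            return False
        salt, digest = self.local[user]
        return hmac.compare_digest(digest, _digest(password, salt))

    def login_with_fallback(self, user, password):
        """Behaviour reported in the thread: LDAP first, then the database."""
        if self.directory.bind(user, password):
            return "ldap"
        return "local" if self._local_ok(user, password) else None

    def login_strict(self, user, password):
        """Assumed hardening: LDAP-linked profiles never use the local check."""
        if user in self.ldap_linked:
            return "ldap" if self.directory.bind(user, password) else None
        return "local" if self._local_ok(user, password) else None

    def audit_dual_credentials(self):
        """LDAP-linked profiles that also hold a local password."""
        return sorted(self.ldap_linked.intersection(self.local))

def build_demo():
    wiki = Wiki(Directory({"jdoe": "ad-secret"}))       # constructed account
    wiki.ldap_linked.add("jdoe")
    wiki.set_local_password("jdoe", "reset-via-wiki")   # effect of a wiki-side reset
    return wiki
```

`audit_dual_credentials()` is the check an administrator would run after disabling the reset page, to find profiles that already picked up a second password.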
