On Mon, Jun 8, 2009 at 22:15, Andawyr<anda...@gmail.com> wrote:
> On Sat, Jun 6, 2009 at 6:56 AM, tmortagne (via Nabble) <
> ml-user+47511-112540...@n2.nabble.com<ml-user%2b47511-112540...@n2.nabble.com>
>> wrote:
>> Hi,
>> On Fri, Jun 5, 2009 at 18:33, 
>> Andawyr<anda...@...<http://n2.nabble.com/user/SendEmail.jtp?type=node&node=3035230&i=0>>
>> wrote:
>> >
>> > We've configured our XWiki instance to use a custom authentication plugin
>> to
>> > authenticate via a secure logon cookie.  When the user signs in,
>> information
>> > pertaining to the user is fetched from Active Directory; note that this
>> is
>> > done as part of the plugin, and does not access A/D via XWiki.
>> >
>> > However, the side effect of this change is that a user has to access
>> XWiki
>> > once to get created in the local user space so they can then be added to
>> the
>> > various groups that have been created in the wiki.  This is inconvenient
>> at
>> > best, and I would like to fix this.
>> >
>> > I found an interesting script in this post:
>> >
>> >    http://n2.nabble.com/LDAP---importing-users-td506206.html#a506207
>> >
>> > that provides a script to query LDAP via XWiki, and populate the local
>> user
>> > store with all A/D users.
>> >
>> > My question is: can I configure XWiki to use both the custom
>> authentication
>> > plugin, *and* configure LDAP access so I can use the above script to
>> > populate the database?
>> >
>> > If the above doesn't work, I can create a perl script that will generate
>> a
>> > script that I can put into a Wiki page, but that's not as nice as having
>> a
>> > canned script available the wiki that I can run at the click of a mouse.
>> >
>> What you can do is extends the XWikiLDAPAuthServiceImpl authenticator,
>> do your custom part and let it do the LDAP part. All the methods are
>> protected so you can easily modify some parts of it's behavior if you
>> need. That way your custom authenticator is called but it can use the
>> XWiki standard LDAP authenticator (which will use the same
>> configuration it would use if it was the "main" authenticator) as a
>> tool.
> So, just to be clear, this will perform user searches directly against
> LDAP?  Will there be any harm to manually inserting people into the XWiki
> user store ahead of implementing the new LDAP auth service class?  I need to
> get users using the wiki asap, and I can't wait until I have the new auth
> service class implemented....

If you just want the part which create a xwiki user from ldap
information you can look at XWikiLDAPAuthServiceImpl
to see how it does it and do the same. #createUserFromLDAP and
#updateUserFromLDAP methods which are both protected. You can also
look at #syncUser which take care of calling create or update.

I just suggested the cleaner way for your authenticator in the long term IMO.

> --
> View this message in context: 
> http://n2.nabble.com/Custom-authentication%2C-LDAP-configuration-tp3031494p3045306.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users

Thomas Mortagne
users mailing list

Reply via email to