Thanks for your prompt reply, Thomas. I really appreciate that. The issue XWIKI-2518 that you pointed out was exactly the solution I was thinking of. Meanwhile, I think that setting up the super group X should satisfy our needs.
Just curious, why is it difficult to define an XWiki group consisting of subgroups and individuals? I thought that is already the way it works.

Thanks
Milind

----- Original Message ----
> From: Thomas Mortagne <[email protected]>
> To: XWiki Users <[email protected]>
> Sent: Tue, December 15, 2009 2:29:53 PM
> Subject: Re: [xwiki-users] Limitng registered users list to Ldap (Active Directory) groups mapped to XWiki groups
>
> On Tue, Dec 15, 2009 at 20:36, Milind Kamble wrote:
> > Hi.
> > I am evaluating XWiki's LDAP-based authentication capabilities. The intention is to have a locked-locked-light wiki instance for my group in a large AD-based corporate environment. The LDAP documentation in xwiki.cfg clarifies how to map LDAP groups to XWiki groups. However, for ease of ACL administration, I would like to treat only users belonging to xwiki.authentication.ldap.group_mapping as "registered" users and the rest of the users within the corporation as "Guests".
> > Is there any way of achieving this mapping?
> >
> > Presently, I have set up the LDAP config to authenticate any user within the corporation using
> > xwiki.authentication.ldap.user_group=cn=workers,ou=etc.etc.
> >
> > This causes every user to be treated as a registered user (after successful authentication of course).
> >
> > The only workaround I can see is to have an AD group (say X) that contains all the mapped groups specified in xwiki.authentication.ldap.group_mapping, but that requires X to be updated in sync with changes made to xwiki.authentication.ldap.group_mapping. If I can avoid the need for setting and maintaining X, that would be nice.
>
> Currently there is no other way I can think of, see
> http://jira.xwiki.org/jira/browse/XWIKI-2518
>
> Note that generally in LDAP you can put groups into groups, so you only need to put the groups you have in group_mapping in your LDAP X group, so that maintaining it should not be too painful. The good thing is that it's very clear in your LDAP who has the right to access the wiki, and you can exceptionally add a user that is not part of the mapping groups, which is more complex to support at XWiki level.
>
> >
> > Thanks,
> > Milind
> >
> > _______________________________________________
> > users mailing list
> > [email protected]
> > http://lists.xwiki.org/mailman/listinfo/users
>
> --
> Thomas Mortagne
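
The sync concern discussed in this thread (the LDAP group X has to contain every group listed in xwiki.authentication.ldap.group_mapping) can be checked mechanically. The following is an added example, not part of the original messages or of XWiki: it assumes the group_mapping value is a "|"-separated list of XWikiGroup=LDAP-DN pairs as in the xwiki.cfg comments, and all DNs, XWiki group names, function names and the member list of X are constructed placeholders.

```python
# Constructed sample values; every DN and XWiki group name here is hypothetical.
XWIKI_CFG = r"""
xwiki.authentication.ldap.user_group=cn=X,ou=groups,dc=example,dc=com
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=wiki-admins,ou=groups,dc=example,dc=com|\
                                        XWiki.Editors=CN=Wiki-Editors, OU=groups, DC=example, DC=com
"""
# Constructed: what an LDAP read of X's `member` attribute might return.
X_MEMBERS = [
    "CN=wiki-admins,OU=groups,DC=example,DC=com",
    "cn=jdoe,ou=people,dc=example,dc=com",   # individual added by exception
]

def read_properties(text):
    """Parse Java-properties style text, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def norm_dn(dn):
    """Case-fold and strip spaces around RDN separators (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def mapped_ldap_groups(props):
    """Return {normalized LDAP DN: XWiki group} from the group_mapping value."""
    mapping = {}
    for pair in props.get("xwiki.authentication.ldap.group_mapping", "").split("|"):
        if pair.strip():
            xwiki_group, _, dn = pair.strip().partition("=")
            mapping[norm_dn(dn)] = xwiki_group.strip()
    return mapping

def drift(props, x_members):
    """Return (XWiki groups whose LDAP group is missing from X, X members that are not mapped)."""
    mapped = mapped_ldap_groups(props)
    members = {norm_dn(m) for m in x_members}
    return (sorted(g for d, g in mapped.items() if d not in members),
            sorted(members - set(mapped)))

if __name__ == "__main__":
    print(drift(read_properties(XWIKI_CFG), X_MEMBERS))
```

The first list shows mapped groups whose members would be refused at login because X was not updated; the second lists direct members of X that map to no XWiki group, which is the place to review the individually added exceptions.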
