>> . The xwiki.authentication.ldap.exclude_group & >> xwiki.authentication.ldap.user_group. We dont have a group in >> ou=Groups that has all the people in our organization so there no way >> to use the user_group field. Is there some way to instead use a filter >> query. > >No that is not supported. But patches are welcomed ;)
Bummer. >> . The xwiki.authentication.ldap.UID_attr field, seems like I >> should want to leave it as cn but I was unable to get it to work >> unless I set it to uid, because it appears that the queries into LDAP >> are hardcoded to use cn otherwise. But using uid as the username in >> XWiki creates accounts like firstnamelastn...@hpcom where all the .'s have >> been eliminated. > >The description in xwiki.cfg is actually not very good. UID_attr is not used >to choose the XWiki user name, the XWiki user name is always created based on >what user provided in the login form. UID_attr is used to search the user in >LDAP server or manage LDAP group membership. Ahh, ok, that makes more sense. Thanks. Is there any way to configure the algorithm used for creating the xwiki user name? Personally I would prefer something that replaced the .'s with _'s or something, but I guess it is what it is... >> Unfortunately with the strategy employed here there is no way to >> ensure that the username mapping is unique because just dropping the >> .'s can lead to conflicts, consider for example the following uid's, >> [email protected] and [email protected] both get reduced to >> johnch...@foocom. I know you are thinking, geez that will never >> happen. Unfortunately with lots of employees, we have LOTS of >> multiple names (we must have like 20+ Tom Smith's, etc) so all these corner >> cases do in fact crop up. > >Actually you are wrong, this taken into account and you are not supposed to >have technical conflicts: each created XWiki user contains it's LDAP DN in an >object and when a user with the same uid after cleaning tries to connect the >LDAP DN is used to ensure it's the right profile and if not an incremented >counter will be appended to the new XWiki profile name. > >Note: This DN is also used to be able to change a user DN without changing >it's XWiki uid or when you start using LDAP in a XWiki that used to be >"standard" and you want some of the existing use profiles to be linked to LDAP. > Is there some way to look at this ldap_dn object and/or edit it?? I looked at the object data for the user that I could see in the ui but didnt find it, Im probably not looking in the correct place. >> . Also it appears that once you configure ldap, you cant add >> local users thru the ui. I like to use local users for the >> occasional group account or machine accounts. > >That is supposed to work perfectly. That's why you have the >xwiki.authentication.ldap.trylocal property in xwiki.cfg So local accounts that were created before I connected the system to ldap work just fine for logins. But I cant seem to create new local accounts, in looking at the logs it seems like it is trying to direct everything to ldap. Is there something I need to do to tell xwiki to create a local account?? -- John Cavanaugh _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
