Hi Maxime, Maxime Mathieu wrote: > Hi, > > I have applied the last section of this doc > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases(like > you). > So, in theory, users are created only in the main wiki. And it is the > desired behavior. >
First of all, allow me what could be a silly question: *virtual wiki* and *subwiki* are used as synonyms? Local and main wiki are also used indistinctly? I think Local is used as "relative" concept both in the main and virtual wikis to express that an user or a group is defined in its database. Thus, I think it will be better to use *main wiki* for the "master", even though I prefer the the old wary: the controller, and *virtual wikis* for any other wiki in the farm. In fact sub wiki could be not appropriate for a number or reasons. For instance, here we have some virtual wikis that are far from being considered as a sub-group of the controller. In brief: I would like to propose to use *controller* and *virtual wikis* as the advised way of calling both type of wikis. WDYT? Thanks! > But in fact, an admin can create a local user (not connected to the LDAP) in > a subwiki. It is what I have done only to test the Meta-G feature. > If you know how to prevent local user creation, I'm interested. > No idea, sorry. I've not faced this kind of challenges yet. What I understand here is that you want to have virtual wikis administrators that won't be able to create local users, am I right? This will be welcome also here. > More about my configuration : > Users don't have the right to read the main wiki (except their profil page, > of course). > Only users are imported from the LDAP, the groups are xwiki groups. Here groups in the directory service are used for many other different things. So, for us, groups in the farm and in the directory service must be synchronized. In fact, this is a feature we are planning to develop. Well, patronize its development! I am far from being able to develop such a thing! Now, users and groups can be synchronized with directory service contains, but that is not true the other way round. For instance: if an user changes its telephone number in the his/her wiki profile, the change won't propagate to the directory. Please, why do you use XWiki groups? > The > principle to manage the rights of a subwiki is that the subwiki > administrator creates local group and inserts global users in it. > I get your point, but as stated before, groups for us have a lot of different uses in the directory service. I've not tried yet how LDAP properties set at virtual wiki level behave. I will keep this thread, or created new ones if required, updated about this issue. BTW, does global user selector work for you when editing local groups in virtual wikis? It doesn't show any result for me. Cheer! Ricardo -- Ricardo RodrÃguez CTO eBioTIC. Life Sciences, Data Modeling and Information Management Systems _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
