I have XWiki set up with Trusted LDAP (Kerberos + LDAP), and I am able to
log in and see that my LDAP information (like full name and email) is
populated in my user profile.

Group mapping, however, does not work.

Here are the relevant parts of my xwiki.cfg file:

(Notes:
- I have changed the real domain name to "mydomain" below
- The remote user gets set as usern...@ant.mydomain.com )

----------------------------

*xwiki.cfg:*

# Trusted LDAP
xwiki.authentication.authclass=com.xwiki.authentication.trustedldap.TrustedLDAPAuthServiceImpl
xwiki.authentication.trustedldap.remoteUserParser=([^@]+)@ANT\.(.+)
xwiki.authentication.trustedldap.remoteUserMapping.1=login
xwiki.authentication.trustedldap.remoteUserMapping.2=domain

# LDAP
xwiki.authentication.ldap.server=ldap.mydomain.com
xwiki.authentication.ldap.port=389
xwiki.authentication.ldap.bind_DN=
xwiki.authentication.ldap.bind_pass=
xwiki.authentication.ldap.base_DN=o=mydomain.com
xwiki.authentication.ldap.UID_attr=uid
xwiki.authentication.ldap.group_classes=posixgroup,group,groupofuniquenames
xwiki.authentication.ldap.group_memberfields=memberuid
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.group_mapping=XWiki.IntranetGroup=cn=intranet,ou=posix groups,ou=infrastructure,o=mydomain.com

----------------------

For reference, I am able to query for a single user like this (using
anonymous access):
% /usr/bin/ldapsearch -x -h ldap.mydomain.com -p 389 -b "o=mydomain.com" uid=username

Also, I can query for a group (called "intranet") like this:
% /usr/bin/ldapsearch -x -h ldap.mydomain.com -p 389 -b "ou=posix groups,ou=infrastructure,o=mydomain.com" cn=intranet

I've spent a lot of time with different LDAP options, but I am not able to
get LDAP group mapping to work. Could anyone tell me what I am doing wrong
here?

Thanks in advance
Debajit