The issue appears to be solved now. (There was an error in my regex) On Thu, Sep 24, 2015 at 12:20 PM, Debajit Adhikary <debaj...@gmail.com> wrote:
> I have XWiki set up with Trusted LDAP (Kerberos + LDAP), and I am able to > log in and see that my LDAP information (like full name and email) is > populated in my user profile. > > Group mapping, however, does not work. > > Here is the relevant parts of my xwiki.cfg file: > > (Notes: > - I have changed the real domain name to "mydomain" below > - The remote user gets set as usern...@ant.mydomain.com ) > > ---------------------------- > > *xwiki.xfg:* > > # Trusted LDAP > > xwiki.authentication.authclass=com.xwiki.authentication.trustedldap.TrustedLDAPAuthServiceImpl > xwiki.authentication.trustedldap.remoteUserParser=([^@]+)@ANT\.(.+) > xwiki.authentication.trustedldap.remoteUserMapping.1=login > xwiki.authentication.trustedldap.remoteUserMapping.2=domain > > # LDAP > xwiki.authentication.ldap.server=ldap.mydomain.com > xwiki.authentication.ldap.port=389 > xwiki.authentication.ldap.bind_DN= > xwiki.authentication.ldap.bind_pass= > xwiki.authentication.ldap.base_DN=o=mydomain.com > xwiki.authentication.ldap.UID_attr=uid > xwiki.authentication.ldap.group_classes=posixgroup,group,groupofuniquenames > xwiki.authentication.ldap.group_memberfields=memberuid > > xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail > xwiki.authentication.ldap.update_user=1 > xwiki.authentication.ldap.group_mapping=XWiki.IntranetGroup=cn=intranet,ou=posix > groups,ou=infrastructure,o=mydomain.com > > ---------------------- > > For reference, I am able to query for a single user like this (using > anonymous access): > % /usr/bin/ldapsearch -x -h ldap.mydomain.com -p 389 -b "o=mydomain.com" > uid=username > > Also, I can query for a group (called "intranet") like this: > % /usr/bin/ldapsearch -x -h ldap.mydomain.com -p 389 -b "ou=posix > groups,ou=infrastructure,o=mydomain.com" cn=intranet > > I've spent a lot of time with different LDAP options, but I am not able to > get LDAP group mapping to work. Could anyone tell me what I am doing wrong > here? > > Thanks in advance > Debajit > > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users