I have successfully configured our xwiki site to use LDAP authentication
against Active Directory. The convention for the user IDs in our Active
Directory is to use a period to separate the given name and surname as in
mark.sack. I added the LDAPProfileClass object to the user profiles to map
the Active Directory IDs to the internal wiki ones. I had created the users
before implementing the Active Directory authentication with the convention
of an underscore in between the given name and the surname.

Now I would like to implement a single signon solution for all of our
applications and have set up a CAS server to authenticate against Active
Directory. The authentication works fine but the CAS authentication in xwiki
seems to simply strip out the period in the Active Directory ID instead of
mapping to the existing user. I observed the following behaviour:
- in xwiki.cfg, if I set xwiki.authentication.cas.create_user to 1 and login
as mark.sack (with my Active Directory password), the login is successful.
But xwiki creates a new user with id marksack instead of mapping to the
existing mark_sack user (mark_sack has the LDAPProfileClass set to
- in xwiki.cfg, if I set xwiki.authentication.cas.create_user to 0 and login
as mark.sack, the login fails with a message that to the effect that the
user does not exist.

How could I achieve the mapping of xwiki users to Active Directory for CAS

Our system is relatively small (about 40 users so far) and has not yet
really been rolled out to the user community. So if need be, I could create
new xwiki users following the convention required by xwiki (no character
between the given name and surname). But I would prefr to avoid that if I

View this message in context: 
Sent from the XWiki- Users mailing list archive at Nabble.com.
users mailing list

Reply via email to