Re: [xwiki-users] LDAP authentication, group membership problem

Tue, 13 May 2008 10:39:19 -0700 

Hi,

Looking at the source code in 
http://svn.xwiki.org/svnroot/xwiki/xwiki-platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/plugin/ldap/XWikiLDAPUtils.java

    /**
     * The LDAP attribute containing the identifier for a user.
     */
    private String uidAttributeName = LDAP_DEFAULT_UID;

    static {
        LDAP_GROUP_CLASS.add("group".toLowerCase());
        LDAP_GROUP_CLASS.add("groupOfNames".toLowerCase());
        LDAP_GROUP_CLASS.add("groupOfUniqueNames".toLowerCase());
        LDAP_GROUP_CLASS.add("dynamicGroup".toLowerCase());
        LDAP_GROUP_CLASS.add("dynamicGroupAux".toLowerCase());
        LDAP_GROUP_CLASS.add("groupWiseDistributionList".toLowerCase());

        LDAP_GROUP_MEMBER.add("member".toLowerCase());
        LDAP_GROUP_MEMBER.add("uniqueMember".toLowerCase());
    }

It seems there is no support for my openldap schema, my group class is 
"posixGroup" and my group membership attribute is "memberUid". Wouldn't it be a 
good idea to make these values configurable in xwiki.cfg?

Thanks,

Michael

----- "Michael Jeanson" <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I'm trying to get ldap authentication working on xWiki 1.3.2.9174
> against an openldap server but there seems to be a problem with group
> membership validation.
> 
> Here is what I have in the logs :
> 
> [http-8080-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl   - Checking if the
> user belongs to the user group: cn=xwiki,ou=Group,dc=example,dc=net
> [http-8080-1] ERROR ldap.XWikiLDAPUtils             - Could not find
> attribute uid for LDAP dn cn=xwiki,ou=Group,dc=example,dc=net
> [http-8080-1] DEBUG LDAP.XWikiLDAPAuthServiceImpl   - Trying
> authentication against XWiki DB
> [http-8080-1] WARN  LDAP.XWikiLDAPAuthServiceImpl   - LDAP
> authentication failed.
> 
> It seems xWiki uses the "uid" attribute to map group membership but in
> my case it should be "memberUid"
> 
> The relevant configuration parameters :
> 
> xwiki.authentication.ldap.user_group=cn=xwiki,ou=Group,dc=example,dc=net
> xwiki.authentication.ldap.UID_attr=uid
> 
> The attribute "uid" is correctly used to define a unique user but I
> haven't found any parameter in the admin guide to define the group
> membership attribute, I am missing something?
> 
> Thanks,
> 
> Michael
> 
> ---
> Michael Jeanson - Revolution Linux
> http://www.revolutionlinux.com - (819) 780 8955 #1119
> 
> * Toute opinion et prise de position exprimée dans ce message est
> celle de son auteur et pas nécessairement celle de Révolution Linux.
> ** Any views and opinion presented in this e-mail are solely those of
> the author and do not necessarily represent those of Révolution Linux.
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to