On Mon, Jun 8, 2009 at 22:15, Andawyr<[email protected]> wrote: > > On Sat, Jun 6, 2009 at 6:56 AM, tmortagne (via Nabble) < > [email protected]<ml-user%[email protected]> >> wrote: > >> Hi, >> >> On Fri, Jun 5, 2009 at 18:33, >> Andawyr<anda...@...<http://n2.nabble.com/user/SendEmail.jtp?type=node&node=3035230&i=0>> >> wrote: >> > >> > We've configured our XWiki instance to use a custom authentication plugin >> to >> > authenticate via a secure logon cookie. When the user signs in, >> information >> > pertaining to the user is fetched from Active Directory; note that this >> is >> > done as part of the plugin, and does not access A/D via XWiki. >> > >> > However, the side effect of this change is that a user has to access >> XWiki >> > once to get created in the local user space so they can then be added to >> the >> > various groups that have been created in the wiki. This is inconvenient >> at >> > best, and I would like to fix this. >> > >> > I found an interesting script in this post: >> > >> > http://n2.nabble.com/LDAP---importing-users-td506206.html#a506207 >> > >> > that provides a script to query LDAP via XWiki, and populate the local >> user >> > store with all A/D users. >> > >> > My question is: can I configure XWiki to use both the custom >> authentication >> > plugin, *and* configure LDAP access so I can use the above script to >> > populate the database? >> > >> > If the above doesn't work, I can create a perl script that will generate >> a >> > script that I can put into a Wiki page, but that's not as nice as having >> a >> > canned script available the wiki that I can run at the click of a mouse. >> > >> >> What you can do is extends the XWikiLDAPAuthServiceImpl authenticator, >> do your custom part and let it do the LDAP part. All the methods are >> protected so you can easily modify some parts of it's behavior if you >> need. That way your custom authenticator is called but it can use the >> XWiki standard LDAP authenticator (which will use the same >> configuration it would use if it was the "main" authenticator) as a >> tool. > > > So, just to be clear, this will perform user searches directly against > LDAP? Will there be any harm to manually inserting people into the XWiki > user store ahead of implementing the new LDAP auth service class? I need to > get users using the wiki asap, and I can't wait until I have the new auth > service class implemented....
If you just want the part which create a xwiki user from ldap information you can look at XWikiLDAPAuthServiceImpl (http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java) to see how it does it and do the same. #createUserFromLDAP and #updateUserFromLDAP methods which are both protected. You can also look at #syncUser which take care of calling create or update. I just suggested the cleaner way for your authenticator in the long term IMO. > > -- > View this message in context: > http://n2.nabble.com/Custom-authentication%2C-LDAP-configuration-tp3031494p3045306.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
