On Tue, Jun 9, 2009 at 17:10, Andawyr<[email protected]> wrote: > > > > tmortagne wrote: >> >> If you just want the part which create a xwiki user from ldap >> information you can look at XWikiLDAPAuthServiceImpl >> (http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java) >> to see how it does it and do the same. #createUserFromLDAP and >> #updateUserFromLDAP methods which are both protected. You can also >> look at #syncUser which take care of calling create or update. >> >> I just suggested the cleaner way for your authenticator in the long term >> IMO. >> > > Maybe I haven't presented my issue clear enough, since I don't think you > quite understand what I'm after. Or, maybe you do and I'm just not grocking > your response. > > let me try again :-) Our current authentication class will do the following: > > - allow forms based login, if the wiki is accessed from outside the > application that creates the SSO login cookie. > - if the SSO login cookie exists, use the ID contained in the cookie to > validate the user against LDAP. note that the password is not checked, > since that has already been done by the containing application. > > So, when a user signs in for the first time and accesses the wiki, the user > will be created in XWiki, and placed into the 'all users' group. On > subsequent logins, user information is updated from LDAP. > > However, to properly configure groups to restrict access to various bits of > wiki content, the users all need to sign into the application first before I > can add them to the group, since searching as currently implemented does NOT > search ldap; rather, it searches the local user database. > > I need to have user searching go against LDAP directly, so the restriction > of forcing users to sign into the application first is not required. > > I hope that explains what I'm trying to do.
Yes now i understand ;) So what you need is that group admin UI look at LDAP also instead of just XWiki (or at worst to synch all the LDAP users once), right ? There is nothing like that in standard and i doubt it's easy to modify the user/group UI to support other users "sources". Note that if you know the users uids you can put them in the groups even if the users does not exists yet. Simply add "XWiki.<ldapuid>" (or xwiki:XWiki.userid) depending of your LDAP configuration in group. Look at existing users ids in the group you want to edit to be sure. > > -- > View this message in context: > http://n2.nabble.com/Custom-authentication%2C-LDAP-configuration-tp3031494p3050026.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
