JSPWiki 3.0 trunk already has an LdapUserDatabase and LdapAuthorizer, which means that it can obtain user profiles on a read-only basis from LDAP, and obtain roles from LDAP groups. So if you use LDAP, your users will be "provisioned" in JSPWiki automatically. This should solve the user-experience problem you described.
The upcoming 3.0 LDAP features have been developed and tested with Active Directory and OpenLDAP. It is configured via the GUI at install-time.

With respect to permissions and group memberships: these are good suggestions. We still have some work to do for the GUI for ACLs for 3.0. I agree that we should be validating user names when users create the ACLs. Same for adding users to groups. These suggestions will be incorporated into how the ACL GUIs work -- likely via AJAX in real-time.

Andrew

On Sat, Oct 24, 2009 at 7:25 AM, Thomas Engelschmidt <[email protected]> wrote:
> The group and permission system in the jspwiki is rather dynamic, and ldaps
> tends to be readonly except for a group of administrators. Therefore there
> is still need for the user.xml and group.xml. But in my opinion the user.xml
> needs to be automatically updated when a new ldap user is logged in.
>
> Otherwise granting and managing jspwiki permissions is a nightmare, this also
> enhanced since there is no check on if a user exists - when adding users to
> wiki group or setting a page permission.
>
> I think the following should be changed.
>
> - First time a new user is logged in - the user should be added to the
>   user.xml and redirected to the profile page for setting additional
>   information (email, full name and section edition etc)
>
> - Adding page permission should lookup if the group or the user exists.
>
> - Adding users to a wiki group should only be possible for existing users.
>
> /Thomas
>
> On Oct 24, 2009, at 10:57 , Jim Willeke wrote:
>
>> Why allow people to eliminate the user.xml?
>>
>> Why not allow the use of LDAP for the user profile?
>>
>> Allow mapping the LDAP attributes to the profile values?
>>
>> Enterprises have no desire to maintain another separate user store of
>> information. Many already have a central LDAP store.
>>
>> -jim
>> Jim Willeke
>>
>> On Fri, Oct 23, 2009 at 2:09 PM, Thomas Engelschmidt <[email protected]> wrote:
>>
>>> I would suggest a change, if a ldap user is logging in the first time, the
>>> Wiki should create the user in the user.xml - it gives a lot of problems
>>> when adding a ldap user to a wiki group, since it is possible that the user
>>> isn't created.
>>>
>>> On Oct 23, 2009, at 00:38 , Andrew Jaquith wrote:
>>>
>>>> If a user creates a user profile after logging into the container, he or
>>>> she will have an opportunity to specify a "full name." If a full name is
>>>> supplied, it will be used in page histories etc from that point forward.
>>>>
>>>> Andrew
>>>>
>>>> On Oct 22, 2009, at 16:34, Harald Krammer <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>> I run JSPWiki with Web Container Authentication via LDAP and it runs
>>>>> fine (JSPWiki 2.8.2, OpenLDAP 2.4.11, Apache 6.0.20, OpenJDK 6).
>>>>>
>>>>> Only the visualization of real user name is still missing. I get only
>>>>> the login name (short name) instead of the full name in the change
>>>>> history and so on. Is it a default behaviour or misconfiguration?
>>>>>
>>>>> Nice greetings,
>>>>> Harald
>>>>>
>>>>> --
>>>>> Harald Krammer
>>>>> Brucknerstrasse 33
>>>>> A - 4020 Linz
>>>>> AUSTRIA
>>>>>
>>>>> Mobil +43.(0) 664. 130 59 58
>>>>> Mail: Harald.Krammer (at) hkr.at
