[
http://jira.xwiki.org/jira/browse/XWIKI-1079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_22531
]
Thomas Mortagne commented on XWIKI-1079:
----------------------------------------
It seems that this implementation never create groups in XWiki database and
read a xwiki.cfg parameter listing groups names mapping between ldap and XWiki
(unless I did not understood somthing).
Is the people that already tested it can confirm this ?
In that case do you think is enought or de we really need to dynamically get
users groups and sync them in XWiki database like we do for users ?
Any way this will have to be done sooner or latter but as I don't use LDAP a
lot I'm asking if the way it's working actually is totally useless or can be
correct for a first LDAP groups support implementation.
> LDAP Authentication
> -------------------
>
> Key: XWIKI-1079
> URL: http://jira.xwiki.org/jira/browse/XWIKI-1079
> Project: XWiki Core
> Issue Type: Improvement
> Components: Admin, Authentication and Rights Management, Plugin -
> Other, Wiki features
> Affects Versions: 1.0 B6
> Reporter: Gunter Leeb
> Assigned To: Sergiu Dumitriu
> Fix For: 1.3 M2
>
> Attachments: 20080207-new_ldap_auth.patch,
> 20080208-new_ldap_auth.patch, ldap.zip, LDAPAuthenticater.class,
> LDAPAuthenticater.java, LDAPAuthenticater.java, LDAPAuthenticater.java,
> new_ldap_auth.patch, ssl.zip, XWiki.zip
>
>
> I have finished the implementation of a substitude LDAP authentication class.
> The new features and changes:
> - Separate LDAP login and authentication validation
> - An LDAP group membership is first checked before a user can be
> authenticated against LDAP
> - LDAP Groups are handled recursivly (groups in groups)
> - LDAP Groups and their members are cached with an expiration
> - LDAP attributes can update XWiki user attributes configurable at create
> time or on every login
> - LDAP group membership can be sync'ed with XWiki group membership
> - If authentication with LDAP fails it still will try to authenticate against
> the XWiki DB
> - detailed comments in xwiki.cfg
> - pretty much every detail of the behavior can be configured in xwiki.cfg
> - as far as I can see, all valuable features from the old LDAPAuthServiceImpl
> are reimplemented (except for LDAP bind being sufficent for login implemented
> by the check_level configuration)
> - I have tried to implement all the feature requests about LDAP that I have
> heard about
> - any LDAP attribute can be used containing the XWiki name
> Known Issues:
> - joining an XWiki group or removing someone from a group does not appear to
> work correctly
> - creating a user appears incomplete to me
> I tested against OpenLDAP and Novell eDirectory.
> I would like to ask for a code-read, verification of how the module is using
> the XWiki APIs and testing in various environments.
> Most of all, I am looking for feedback.
> This is not a final version!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
notifications mailing list
notifications@xwiki.org
http://lists.xwiki.org/mailman/listinfo/notifications
