[ http://jira.xwiki.org/jira/browse/XWIKI-1079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_22531 ]
Thomas Mortagne commented on XWIKI-1079: ---------------------------------------- It seems that this implementation never create groups in XWiki database and read a xwiki.cfg parameter listing groups names mapping between ldap and XWiki (unless I did not understood somthing). Is the people that already tested it can confirm this ? In that case do you think is enought or de we really need to dynamically get users groups and sync them in XWiki database like we do for users ? Any way this will have to be done sooner or latter but as I don't use LDAP a lot I'm asking if the way it's working actually is totally useless or can be correct for a first LDAP groups support implementation. > LDAP Authentication > ------------------- > > Key: XWIKI-1079 > URL: http://jira.xwiki.org/jira/browse/XWIKI-1079 > Project: XWiki Core > Issue Type: Improvement > Components: Admin, Authentication and Rights Management, Plugin - > Other, Wiki features > Affects Versions: 1.0 B6 > Reporter: Gunter Leeb > Assigned To: Sergiu Dumitriu > Fix For: 1.3 M2 > > Attachments: 20080207-new_ldap_auth.patch, > 20080208-new_ldap_auth.patch, ldap.zip, LDAPAuthenticater.class, > LDAPAuthenticater.java, LDAPAuthenticater.java, LDAPAuthenticater.java, > new_ldap_auth.patch, ssl.zip, XWiki.zip > > > I have finished the implementation of a substitude LDAP authentication class. > The new features and changes: > - Separate LDAP login and authentication validation > - An LDAP group membership is first checked before a user can be > authenticated against LDAP > - LDAP Groups are handled recursivly (groups in groups) > - LDAP Groups and their members are cached with an expiration > - LDAP attributes can update XWiki user attributes configurable at create > time or on every login > - LDAP group membership can be sync'ed with XWiki group membership > - If authentication with LDAP fails it still will try to authenticate against > the XWiki DB > - detailed comments in xwiki.cfg > - pretty much every detail of the behavior can be configured in xwiki.cfg > - as far as I can see, all valuable features from the old LDAPAuthServiceImpl > are reimplemented (except for LDAP bind being sufficent for login implemented > by the check_level configuration) > - I have tried to implement all the feature requests about LDAP that I have > heard about > - any LDAP attribute can be used containing the XWiki name > Known Issues: > - joining an XWiki group or removing someone from a group does not appear to > work correctly > - creating a user appears incomplete to me > I tested against OpenLDAP and Novell eDirectory. > I would like to ask for a code-read, verification of how the module is using > the XWiki APIs and testing in various environments. > Most of all, I am looking for feedback. > This is not a final version! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.xwiki.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira _______________________________________________ notifications mailing list notifications@xwiki.org http://lists.xwiki.org/mailman/listinfo/notifications