[
http://jira.xwiki.org/jira/browse/XWIKI-238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_23068
]
Thomas Mortagne commented on XWIKI-238:
---------------------------------------
As far as I can see in the new implementation, the XWiki user document name is
created based on provided login and not using what is in LDAP (for example
sAMAccountName in Active Directory). So if user use "toto" as login the created
user will be "XWiki.toto". That way it's working even LDAP is disabled for
already registered users.
> When using XWiki + Active directory , treat sAMAccountName (name) case
> insensitively.
> --------------------------------------------------------------------------------------
>
> Key: XWIKI-238
> URL: http://jira.xwiki.org/jira/browse/XWIKI-238
> Project: XWiki Core
> Issue Type: Bug
> Components: Authentication and Rights Management
> Affects Versions: 0.9.840
> Environment: Xwiki, Microsoft Active Directory, Oracle Database
> Reporter: Srini Pulugurtha
> Assigned To: Thomas Mortagne
> Fix For: Future
>
> Attachments: current-users.png, LDAPAuthServiceImpl-r3342.diff,
> lenpalek.png, MyLdapTest.java, myXwikiConfig.zip, xwikiallgroup.png
>
>
> Our environment of Acive Directory (AD) is, lets say, not perferct. It has
> some userids/sAMAccount names in all lower case and some in mixed case. For
> eg, 'JSmith' for John Smith and 'jdoe' for John Doe.
> However, users use all lowercase when they log into machines. We integrated
> our XWiki with AD they would try log in with all lower case user id.
> But, for some users who had their samAccountName / user id stored in mixed
> case on AD, XWiki LDAPPlugin seems to do the following, when the log in with
> all lower case user id (jsmith)
> - Fetch login info, log them in and store the user with mixed case
> credentials in XWiki database (JSmith).
> - Compare the current user (jsmith) with the one in DB (JSmith)
> - Fail the login
> However, I see that a new user JSmith is created in XWiki.
> After digging through the logs, I have found that when it does fields
> mapping, it resets the name from AD. If I omit, name=sAMAccountName, it did
> not work for any users.
> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> Fix:
> After fetching 'name' field from AD, I am converting to lowercase. Some
> implementations may not like it, so it could be made configurable . (like
> IGNORE_UID_CASE_FOR_AD)
> {code}
> ////// createUserFromLDAP
> private void CreateUserFromLDAP(String susername, HashMap attributes,
> XWikiContext context) throws XWikiException {
> System.out.println("authenticate - CreateUserFromLDAP");
> String ldapFieldMapping = getParam("ldap_fields_mapping",context);
> if (ldapFieldMapping != null && ldapFieldMapping.length() > 0)
> {
> String[] fields = ldapFieldMapping.split(",");
> BaseClass bclass = context.getWiki().getUserClass(context);
> BaseObject bobj = new BaseObject();
> bobj.setClassName(bclass.getName());
> String name = null;
> String fullwikiname = null;
> for(int i = 0; i < fields.length; i++ )
> {
> String[] field = fields[i].split("=");
> if (2 == field.length)
> {
> String fieldName = field[0];
> if (attributes.containsKey(field[1]))
> {
> String fieldValue;
> fieldValue = (String)attributes.get(field[1]);
> if (fieldName.equals("name"))
> {
> // Srini - 03/09 converting
> all names to lowercase
> if(fieldValue != null)
> fieldValue =
> fieldValue.toLowerCase() ;
> name = fieldValue;
> fullwikiname = "XWiki." + name;
> bobj.setName(fullwikiname);
> }
> else
> {
> bobj.setStringValue(fieldName, fieldValue);
> }
> }
> }
> ///// the method continues /////////////////////////////////////////////
> {code}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
notifications mailing list
notifications@xwiki.org
http://lists.xwiki.org/mailman/listinfo/notifications
