Hi Steve, Thanks for the tips !
I just created a "LDAP detailed uses cases" page in Administration Guide to describe this kind of things as LDAP configuration become more and more complex : http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases Would be great that you add the first one ;) On Thu, Jul 24, 2008 at 4:59 PM, Stefan Woehrer <[EMAIL PROTECTED]> wrote: > > Found out a nice "workaround" (which isn't a real one of course..) > > For all who experience the same problem: Create a AD-group that contains all > users that have to log into your XWiki. The users can be located in > different subdomains / servers. Then set the > xwiki.authentication.ldap.user_group parameter to that group (you have to > use the full qualified name to the group, not only the group's name). > > XWiki will search in the member-Fields of that group. If the user is found > as a member, XWiki seems to try a binding with that user, which should work, > because the member field contains the full qualified name of that user > (inclusive subdomain). > > Take care of the xwiki.authentication.ldap.UID_attr parameter, because most > likely you'll have it set to "sAMAccountName". However, it can be that in > the group-membership fields the user is represented by "cn", so you may have > to use the "cn" for the UID_attr and login with the cn instead of the > sAMAccountName. > > (Shall I put this "guide" somewhere onto the xwiki homepage? Where would be > the best place...) > > Steve > -- > View this message in context: > http://n2.nabble.com/LDAP-Multiple-Domains-tp510482p580443.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
