On Tue, Dec 15, 2009 at 20:36, Milind Kamble <mbk...@yahoo.com> wrote:
> Hi.
> I am evaluating XWiki's LDAP-based authentication capabilities. The
> intention is to have a locked-locked-light wiki instance for my group in a
> large AD-based corporate environment. The LDAP documentation in xwiki.cfg
> clarifies how to map LDAP groups to XWiki groups. However, for ease of ACL
> administration, I would like to treat only users belonging to
> xwiki.authentication.ldap.group_mapping as "registered" users and the rest of
> the users within the corporation as "Guests".
> Is there any way of achieving this mapping?
>
> Presently, I have set up LDAP config to authenticate any user within the
> corporation using
> xwiki.authentication.ldap.user_group=cn=workers,ou=etc.etc.
>
> This causes every user to be treated as a registered user (after successful
> authentication of course).
>
> The only workaround I can see is to have an AD group (say X) that contains
> all the mapped groups specified in xwiki.authentication.ldap.group_mapping,
> but that requires X to be updated in sync with changes made to
> xwiki.authentication.ldap.group_mapping. If I can avoid the need for setting
> and maintaining X, that would be nice.

Currently there is no other way I can think of; see
http://jira.xwiki.org/jira/browse/XWIKI-2518

Note that generally in LDAP you can put groups into groups, so you only need
to put the groups you have in group_mapping in your LDAP X group, so that
maintaining it should not be too painful. The good thing is that it's very
clear in your LDAP who has the right to access the wiki, and you can
exceptionally add a user that is not part of the mapping groups, which is more
complex to support at XWiki level.

>
> Thanks,
> Milind
>
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
>

--
Thomas Mortagne
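
The sync problem discussed in this thread (group X has to track the groups named in xwiki.authentication.ldap.group_mapping) can be checked mechanically. The script below is an added example, not part of the original messages and not XWiki code. It assumes group_mapping entries have the form XWikiGroup=LDAPGroupDN separated by "|", and that the nested members of X have already been read from the directory. All DNs and the names SAMPLE_CFG, SAMPLE_X_MEMBERS and drift are constructed for illustration.

```python
# Added example. Every DN below is a constructed sample value.
SAMPLE_CFG = r"""
xwiki.authentication.ldap.user_group=cn=wiki-users,ou=groups,dc=example,dc=com
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=wiki-admins,ou=groups,dc=example,dc=com|\
                                        XWiki.Editors=cn=team-a,ou=groups,dc=example,dc=com
"""
# Constructed: group DNs nested in X (cn=wiki-users), as an LDAP read of its
# "member" attribute would return them.
SAMPLE_X_MEMBERS = ["CN=wiki-admins,OU=Groups,DC=example,DC=com",
                    "cn=old-team,ou=groups,dc=example,dc=com"]

def read_properties(text):
    """Parse properties-style text, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def norm_dn(dn):
    """Case- and space-insensitive DN form (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def mapped_ldap_groups(props):
    """LDAP group DNs on the right-hand side of each group_mapping entry."""
    mapping = props.get("xwiki.authentication.ldap.group_mapping", "")
    entries = (e.strip() for e in mapping.split("|"))
    return {norm_dn(e.partition("=")[2]) for e in entries if e}

def drift(props, x_members):
    """Compare mapped LDAP groups with what is actually nested in X."""
    mapped = mapped_ldap_groups(props)
    actual = {norm_dn(m) for m in x_members}
    return {
        # Mapped in xwiki.cfg but not nested in X: outside user_group.
        "missing_from_x": sorted(mapped - actual),
        # In X but unmapped: stale entry or a deliberate exception; review.
        "unmapped_in_x": sorted(actual - mapped),
    }

if __name__ == "__main__":
    print(drift(read_properties(SAMPLE_CFG), SAMPLE_X_MEMBERS))
```

Entries under unmapped_in_x are not necessarily errors, since X may deliberately contain exceptions that are not in the mapping.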