Tags:
create new tag
, view all tags

Question

I use LdapContrib (great plugin - great work) to authenticate the users:

Configuration within lib/LocalSite.cfg (among others) is:

# define the user login name attribute
$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';
# define the user's wiki name attribute
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'cn';
# flag to remove whitespaces in wiki names that come from ldap
$TWiki::cfg{Ldap}{WikiNameRemoveWhiteSpace} = 1;
# flag indicating wether we fallback to TWikiGroups
$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 0;

## done within configure-page:
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MapUserToWikiName} = 0;
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';

With these settings, a user can login with his uid and gets logged in with his TWikiName GivennameLastname. But also Ldap-Posixgroups would be integrated into wiki as documented in LdapContrib#User_Groups

I just want to use LDAP to only authenticate the users. This should be setup, as diff to configuration above, with: $TWiki::cfg{UserMappingManager} = 'TWiki::Users::TWikiUserMapping'; as documented in LdapContrib#Authentication. But with this setting, the user is always logged in with his uid (regardless of the setting of $TWiki::cfg{MapUserToWikiName} = 0;)

What's wrong? Can I achieve TWikiName-Mapping with the use of LDAP-cn-attribute without also using the LDAP-groups?

Environment

TWiki version: TWikiRelease04x00x04
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: SuSE 9.3
Web server: Apache2
Perl version:  
Client OS: SuSE 9.3
Web Browser: Firefox 1.5
Categories: Authentication

-- AlexanderScholler - 24 Aug 2006

Answer

ALERT! If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

Note that I have to set (in contrast to the mentioned above) $TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1; to use group-memberships defined within TWiki.TWikiGroups But the name TWikiGroupsBackoff indicated that by enabling this parameterm the backfall is turned off. I wanted to turn it on and previously set 0, which seems to be interpreted exactly the wrong way.

A parameter-name of TWikiGroupsFallback would be better with

  • false indicating that Fallback is not done
  • true indicating that Fallback is done

-- AlexanderScholler - 24 Aug 2006

I had to change the LoginName within TWikiUsers (the second column within the User-bulleting is the loginname) for users already registered and activate AllowLoginName within configure so that the uid from LDAP can be entered as LoginName.

-- AlexanderScholler - 01 Sep 2006

 
Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2006-09-01 - AlexanderScholler
 

Twitter Delicious Facebook Digg Google Bookmarks E-mail LinkedIn Reddit StumbleUpon    
  • Download TWiki
TWiki logo Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.