Question

We authenticate via LDAP using Oracle's OID server. Since we have well over 100K users that have the potential to log in, we want only those that contribute to our site to register (i.e., those who try to edit).

As a starting point, we installed the RequireRegistrationPlugin to force users to register when attempting to login.

Although users would be redirected to the registration page, they were barred from logging in because registration was "temporarily disabled". Here's a screen shot (see the green circle):



We couldn't get the plugin to work right so we installed the NewUserPlugin, which creates topics for users who log in, without running them through the registration process.

We encounter two major obstacles with these plugins, and want to know if anyone else has faced these issues:

Obstacle One: Users cannot register, which results in their names not appearing within the list of TWiki Users (TWikiUsers).

This error has been logged under warn200802.txt:

TWikiUserMapping has TURNED OFF EnableNewUserRegistration, because the password file is read only.

We haven't been able to determine the exact issue, and we've already made the htaccess file writeable.

Obstacle Two: Neither plugin distinguishes users based on their unique entry within OID.

Meaning, a single user can have numerous topics for their name, based on the case variation within a login name.

For example, Mickey Mouse (givenName=Mickey; sn=Mouse) is a user. His loginName is mickey.mouse. Mickey's login name (mickey.mouse) is NOT case sensitive. When Mickey logs in using different patterns of capitalization, the following wiki names result:

• login: mickey.mouse
  • mickeymouse?
• login: Mickey.Mouse
  • MickeyMouse
• login: Mickey.mouse
  • Mickeymouse

Login names are NOT case sensitive; how can we ensure that wiki names are created in a consistent syntax, regardless of how a user logs in?

Has anybody experienced situations like these? We're totally perplexed by the issues, and would greatly appreciate any help.

Environment

-- ShivaGoudarzi - 26 Feb 2008

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Obstacle one: You need to make the .../data/.htpasswd file writeable

Obstacle Two: Perhaps disable the login name option in configure. This should force a wiki name to be used.

-- JosephTrexler - 29 Feb 2008

Obstacle One: We've already made our .htpasswd file writeable, and it's had no effect--

-rw-rw-rw-   1 oracle oinstall       95 Feb 14 15:56 .htpasswd

Obstacle Two: We get the same problem, even though our settings are as follows--

$TWiki::cfg{UserMappingManager} = 'TWiki::Users::TWikiUserMapping';
$TWiki::cfg{Register}{EnableNewUserRegistration} = 1;
$TWiki::cfg{Register}{HidePasswd} = 1;
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MinPasswordLength} = 5;
$TWiki::cfg{Htpasswd}{FileName} = 'twiki/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{OS} = 'UNIX';
$TWiki::cfg{DetailedOS} = 'linux';

$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$TWiki::cfg{Ldap}{Debug} = 1;
$TWiki::cfg{Ldap}{UserBase} = 'cn=users,dc=woozer,dc=com';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=inetOrgPerson';
$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'sn, givenName';
$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$TWiki::cfg{Ldap}{NormalizeLoginName} = 0;
$TWiki::cfg{Ldap}{AllowChangePassword} = 0;
$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';
$TWiki::cfg{Ldap}{GroupBase} = 'cn=groups,dc=woozer, dc=com';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=posixGroup';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{MemberIndirection} = 0;
$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{NormalizeGroupName} = 1;
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{MaxCacheAge} = 0;
$TWiki::cfg{Ldap}{PageSize} = 500;
$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup, JohnDoe, JaneDoe';

$TWiki::cfg{Plugins}{NewUserPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{RequireRegistrationPlugin}{Enabled} = 1;
1;

The wiki name is definitely being created, but unfortunately, too many times for the same user. So one user has many topics with the same name (just different variations of the capitalization).

Thanks for your suggestions; got any more?

-- ShivaGoudarzi - 04 Mar 2008

I see that this question has been brought up before (see CaseInsensitiveUserMapping in Support and CaseInsensitiveUserMapping in Codev). And although in the Support question, there were talks of eliminating case sensitivity with login to wiki names in v4.2 and LdapContrib, the issue has not been resolved. Can anybody please offer insight as to what happened with this concept?

-- ShivaGoudarzi - 14 Mar 2008

I've reported obstacle 2 as a bug: Bugs.Item5470

-- ShivaGoudarzi - 24 Mar 2008

ShivaGoudarzi ,have you solve Obstacle One?I encounter the similar problem

-- ZhouXuan - 09 Apr 2008

Hi Zhou,

No, I have not resolved obstacle one, unfortunately; however, the RequireRegistrationPlugin does work on the previous version TWiki - 4.1.2. Since we couldn't resolve the issue, I disabled the plugin, and am trying to depend solely on the NewUserPlugin and LdapContrib, which have not allowed us to completely solve the problem. See WikiNameBackwardsAndInCaps for more information.

-- ShivaGoudarzi - 09 Apr 2008

Sorry, closing this question after more than 30 days of inactivity. Feel free to re-open if needed.

-- PeterThoeny - 03 Jun 2008