Authentication using LDAP and user names with dots

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Authentication using LDAP and user names with dots

Eric ter Haar
I already tried to post this question earlier via the ObjectWeb Sympa interface,
but did not see it back in the archive list, nor did I get a e-mail
confirmation. So please excuse me if it is posted twice now.

I am currently evaluating XWiki for deployment in my company. So far everything
looks great, but I ran into a blocking issue. I have setup XWiki to authenticate
with LDAP, which is a requirement for us. The user names provided by our LDAP
server all have dots in them, like 'eric.ter.haar'. XWiki seems to have a
problem with this. When login in for the first time it creates a new user name
that is equal to the part after the last dot, e.g., 'haar'. And it creates a
space with the other part, like 'eric.ter'. The next login fails but without any
notice.
Does anyone know how to get around this?

Thanks,
Eric






--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: Authentication using LDAP and user names with dots

Guillaume Lerouge
Hi Eric,

no idea about how to fix it, but I think this is due to the fact that internal links in XWiki take the following form: [SpaceName.PageName].
That is, the 2 elements are separated by a dot in the link. Thus when clikcing on such a link it creates the PageName page in the SpaceName page, which is apparently happening in your case.

On the other hand, XWiki Users are currently created in the XWiki space. Your users are not created in that space because of the dots. One solution I could see (though I'm definitely not on the tech side of things) would be to write some kind of filter / adapter that would take the dots out of user names before creating them (replacing eric.ter.haar with EricTerHaar) and using that username for XWiki.

Not sure this helps a lot, but good luck!

Guillaume

On 30/07/07, Eric ter Haar <[hidden email]> wrote:
I already tried to post this question earlier via the ObjectWeb Sympa interface,
but did not see it back in the archive list, nor did I get a e-mail
confirmation. So please excuse me if it is posted twice now.

I am currently evaluating XWiki for deployment in my company. So far everything
looks great, but I ran into a blocking issue. I have setup XWiki to authenticate
with LDAP, which is a requirement for us. The user names provided by our LDAP
server all have dots in them, like 'eric.ter.haar'. XWiki seems to have a
problem with this. When login in for the first time it creates a new user name
that is equal to the part after the last dot, e.g., 'haar'. And it creates a
space with the other part, like 'eric.ter'. The next login fails but without any
notice.
Does anyone know how to get around this?

Thanks,
Eric






--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto: [hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws




--
http://wikibc.blogspot.com/

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: Authentication using LDAP and user names with dots

ebullient
On 7/30/07, Guillaume Lerouge <[hidden email]> wrote:
> Hi Eric,
>

[snip..]

> On the other hand, XWiki Users are currently created in the XWiki space.
> Your users are not created in that space because of the dots. One solution I
> could see (though I'm definitely not on the tech side of things) would be to
> write some kind of filter / adapter that would take the dots out of user
> names before creating them (replacing eric.ter.haar with EricTerHaar) and
> using that username for XWiki.
>
> Not sure this helps a lot, but good luck!
>

I found (in my travails over the weekend) this handy code in
com.xpn.xwiki.XWiki:

    public String getConvertingUserNameType(XWikiContext context)
    {
        if (context.getWiki().getXWikiPreference("convertmail", context) != null
            && context.getWiki().getXWikiPreference("convertmail",
context).length() > 0)
            return context.getWiki().getXWikiPreference("convertmail",
"0", context);
        return context.getWiki().Param("xwiki.authentication.convertemail",
"0");
    }

    public String convertUsername(String username, XWikiContext context)
    {
        if (username == null)
            return null;
        if (getConvertingUserNameType(context).equals("1") &&
(username.indexOf("@") != -1)) {
            String id = "" + username.hashCode();
            id = id.replaceAll("-", "");
            if (username.length() > 1) {
                int i1 = username.indexOf('@');
                id =
                    "" + username.charAt(0) + username.substring(i1 + 1, i1 + 2)
                        + username.charAt(username.length() - 1) + id;
            }
            return id;
        } else if (getConvertingUserNameType(context).equals("2"))
            return username.replaceAll("[\\.\\@]", "_");
        else
            return username;
    }

In theory, you could use this instead of rolling your own. Both of
those are for converting
email addresses.. but the second would replace either dots or @ with _...

if the converting type is 1: strip the username from in front of the @ sign
if the converting type is 2: just replace @ and . with _

at least, that's how I read the code..


convertUsername is already called by processLogin, checkLogin,
getUserPage, inviteToGroup, and validateUser, so (in theory) you
shouldn't even have to hack code to get this to work -- just set the
right value in xwiki.cfg.

--
'Waste of a good apple' -Samwise Gamgee



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: Authentication using LDAP and user names with dots

Eric ter Haar
Erin Schnabel wrote:

> On 7/30/07, Guillaume Lerouge <[hidden email]> wrote:
>> Hi Eric,
>>
>
> [snip..]
>
>> On the other hand, XWiki Users are currently created in the XWiki space.
>> Your users are not created in that space because of the dots. One solution I
>> could see (though I'm definitely not on the tech side of things) would be to
>> write some kind of filter / adapter that would take the dots out of user
>> names before creating them (replacing eric.ter.haar with EricTerHaar) and
>> using that username for XWiki.
>>
>> Not sure this helps a lot, but good luck!
>>
>
> I found (in my travails over the weekend) this handy code in
> com.xpn.xwiki.XWiki:
>
>     public String getConvertingUserNameType(XWikiContext context)
>     {
>         if (context.getWiki().getXWikiPreference("convertmail", context) != null
>             && context.getWiki().getXWikiPreference("convertmail",
> context).length() > 0)
>             return context.getWiki().getXWikiPreference("convertmail",
> "0", context);
>         return context.getWiki().Param("xwiki.authentication.convertemail",
> "0");
>     }
>
>     public String convertUsername(String username, XWikiContext context)
>     {
>         if (username == null)
>             return null;
>         if (getConvertingUserNameType(context).equals("1") &&
> (username.indexOf("@") != -1)) {
>             String id = "" + username.hashCode();
>             id = id.replaceAll("-", "");
>             if (username.length() > 1) {
>                 int i1 = username.indexOf('@');
>                 id =
>                     "" + username.charAt(0) + username.substring(i1 + 1, i1 + 2)
>                         + username.charAt(username.length() - 1) + id;
>             }
>             return id;
>         } else if (getConvertingUserNameType(context).equals("2"))
>             return username.replaceAll("[\\.\\@]", "_");
>         else
>             return username;
>     }
>
> In theory, you could use this instead of rolling your own. Both of
> those are for converting
> email addresses.. but the second would replace either dots or @ with _...
>
> if the converting type is 1: strip the username from in front of the @ sign
> if the converting type is 2: just replace @ and . with _
>
> at least, that's how I read the code..
>
>
> convertUsername is already called by processLogin, checkLogin,
> getUserPage, inviteToGroup, and validateUser, so (in theory) you
> shouldn't even have to hack code to get this to work -- just set the
> right value in xwiki.cfg.
>
>
Thanks Erin, "xwiki.authentication.convertemail=2" did the trick!

--
Best regards,
Eric



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws