Questions about LDAP in XEM 2.3.1

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Questions about LDAP in XEM 2.3.1

Marine Julian
Hi everybody,

I've just configured a LDAP authentication in my XEM 2.3.1 and I have two
questions.
I would like you to confirm that LDAP authenticated users only appear in the
admin users menu at their first connection. Is it right ? In that case, how
can i put all authenticated users in a wiki group different to XWikiAllGroup
?
Besides, I would like that only one group of my LDAP can access to the admin
wiki and to wiki templates. Is there a way to do that ?

Thanks in advance for your help.

Marine
_______________________________________________
users mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Questions about LDAP in XEM 2.3.1

Thomas Mortagne
Administrator
On Mon, Jul 5, 2010 at 10:30, Marine JULIAN <[hidden email]> wrote:
> Hi everybody,
>
> I've just configured a LDAP authentication in my XEM 2.3.1 and I have two
> questions.
> I would like you to confirm that LDAP authenticated users only appear in the
> admin users menu at their first connection. Is it right ? In that case, how

I'm not sure i see what you mean by "admin users menu". LDAP user is
created on XWiki the first time the corresponding user log in.

> can i put all authenticated users in a wiki group different to XWikiAllGroup
> ?

By default LDAP users are exactly like any other user, they are part
of XWikiAllGroup because all users are supposed to be part of it.

> Besides, I would like that only one group of my LDAP can access to the admin
> wiki and to wiki templates. Is there a way to do that ?

You can setup LDAP users membership on XWiki based on groups you have
on LDAP server. See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HIwanttobeabletoreuseLDAPusersmembershipinXWiki

>
> Thanks in advance for your help.
>
> Marine
> _______________________________________________
> users mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/users
>



--
Thomas Mortagne
_______________________________________________
users mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Questions about LDAP in XEM 2.3.1

Marine Julian
tmortagne wrote
On Mon, Jul 5, 2010 at 10:30, Marine JULIAN <marine.julian@gmail.com> wrote:
> Hi everybody,
>
> I've just configured a LDAP authentication in my XEM 2.3.1 and I have two
> questions.
> I would like you to confirm that LDAP authenticated users only appear in the
> admin users menu at their first connection. Is it right ? In that case, how

I'm not sure i see what you mean by "admin users menu". LDAP user is
created on XWiki the first time the corresponding user log in.
By admin users menu, I meaned the page we can access by "administer wiki" -> "users". I agree it wasn't very clear... Anyway, you answered my question :)

tmortagne wrote
> Besides, I would like that only one group of my LDAP can access to the admin
> wiki and to wiki templates. Is there a way to do that ?
You can setup LDAP users membership on XWiki based on groups you have
on LDAP server. See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HIwanttobeabletoreuseLDAPusersmembershipinXWiki
If i understood well, I can only play with groups to restrict access to a subwiki in my farm.
Reply | Threaded
Open this post in threaded view
|

Re: Questions about LDAP in XEM 2.3.1

Thomas Mortagne
Administrator
On Mon, Jul 5, 2010 at 14:38, Marine Julian <[hidden email]> wrote:

>
>
> tmortagne wrote:
>>
>> On Mon, Jul 5, 2010 at 10:30, Marine JULIAN <[hidden email]>
>> wrote:
>>> Hi everybody,
>>>
>>> I've just configured a LDAP authentication in my XEM 2.3.1 and I have two
>>> questions.
>>> I would like you to confirm that LDAP authenticated users only appear in
>>> the
>>> admin users menu at their first connection. Is it right ? In that case,
>>> how
>>
>> I'm not sure i see what you mean by "admin users menu". LDAP user is
>> created on XWiki the first time the corresponding user log in.
>>
> By admin users menu, I meaned the page we can access by "administer wiki" ->
> "users". I agree it wasn't very clear... Anyway, you answered my question :)
>
>
> tmortagne wrote:
>>
>>> Besides, I would like that only one group of my LDAP can access to the
>>> admin
>>> wiki and to wiki templates. Is there a way to do that ?
>> You can setup LDAP users membership on XWiki based on groups you have
>> on LDAP server. See
>> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HIwanttobeabletoreuseLDAPusersmembershipinXWiki
>>
> If i understood well, I can only play with groups to restrict access to a
> subwiki in my farm.

It's generally the easiest yes. You assign all the groups to the
proper wiki/spaces/pages and then you just need to put the users in
the proper groups. When you have lots of users it's becoming quickly
very difficult to directly assign rights to single users.

>
> --
> View this message in context: http://xwiki.475771.n2.nabble.com/Questions-about-LDAP-in-XEM-2-3-1-tp5255260p5255898.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.
> _______________________________________________
> users mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/users
>



--
Thomas Mortagne
_______________________________________________
users mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Questions about LDAP in XEM 2.3.1

Marine Julian
tmortagne wrote
It's generally the easiest yes. You assign all the groups to the
proper wiki/spaces/pages and then you just need to put the users in
the proper groups. When you have lots of users it's becoming quickly
very difficult to directly assign rights to single users.
Okay, thank you Thomas !
Just one more thing to be sure to do the right thing :
Let's suppose that I create a AllRights group in the main wiki (called mainwiki) of my farm (and only in this wiki) and that I want all the LDAP users of group cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas to be automatically added in it.
Is it right if I write xwiki.authentication.ldap.group_mapping=mainwiki:XWiki.AllRights=cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas ? Because i'm not sure about the syntax wiki:space:page in this case.
Reply | Threaded
Open this post in threaded view
|

Re: Questions about LDAP in XEM 2.3.1

Thomas Mortagne
Administrator
On Tue, Jul 6, 2010 at 14:09, Marine Julian <[hidden email]> wrote:

>
>
> tmortagne wrote:
>>
>> It's generally the easiest yes. You assign all the groups to the
>> proper wiki/spaces/pages and then you just need to put the users in
>> the proper groups. When you have lots of users it's becoming quickly
>> very difficult to directly assign rights to single users.
>>
> Okay, thank you Thomas !
> Just one more thing to be sure to do the right thing :
> Let's suppose that I create a AllRights group in the main wiki (called
> mainwiki) of my farm (and only in this wiki) and that I want all the LDAP

The main wiki in a farm is always technically called "xwiki".

> users of group cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas to be
> automatically added in it.
> Is it right if I write
> xwiki.authentication.ldap.group_mapping=mainwiki:XWiki.AllRights=cn=HMS
> Lydia,ou=crews,ou=groups,o=sevenSeas ? Because i'm not sure about the syntax
> wiki:space:page in this case.

Actually if all wikis are supposed to use the same LDAP users, you should do

xwiki.authentication.ldap.group_mapping=XWiki.AllRights=cn=HMS
Lydia,ou=crews,ou=groups,o=sevenSeas

and make sure all LDAP users are authenticated on main wiki (otherwise
each wiki will have a duplicate of each user). See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/LDAPAuthenticationUseCases#HI27minmultiwikienvironmentandIwantmyLDAPuserstoregisteredonlyonmainwiki

> --
> View this message in context: http://xwiki.475771.n2.nabble.com/Questions-about-LDAP-in-XEM-2-3-1-tp5255260p5259990.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.
> _______________________________________________
> users mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/users
>



--
Thomas Mortagne
_______________________________________________
users mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/users