question on ldap.fields_mapping (OpenLDAP)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

question on ldap.fields_mapping (OpenLDAP)

kenk-3
Hi,

I have v0.9.840 working with j2sdk-1.4.2_06, and it's authenticating successfully against an OpenLDAP v2.1.27 (+kerberos) server.  

After creating a new ldap/InetOrg user and seeing it magically appear as a New/Registered user upon (cold) login as that ldap user, I note that some fields on the xwiki user form/profile are blank tho the ldap entry has that information.

Is this expected?

I'm using this field mapping in my xwiki.cfg:

xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,company=o,ldap_dn=dn

...and "name=cn", "first_name=givenName", "fullname=displayName" appear to work fine, however the company and password fields are blank.  (I removed the mail=mail mapping when testing).

I read some postings in the archive that mention concerns with providing functionality around the password if it comes from ldap, is that why the password is missing?

So, I'm not using HEAD of

http://svn.forge.objectweb.org/cgi-bin/viewcvs.cgi/xwiki/xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java

nor Ludovic's LDAP class (name?) with debugging.  I'm just wondering what to expect.

Thanks for any help,
-ken




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: question on ldap.fields_mapping (OpenLDAP)

Alexis KARTMANN
Hi,
As soon as you use a valid ldap login/password to
login to XWiki, this user will be created in XWiki.
As fields are copied from LDAP only for first
creation,  we don't copy password, because
authentication (checking password) is always done
against ldap server, even if user already exist in
XWiki.
"company" field should be filled with value of "o"
attribute. I will check this asap.
Hope this helps.
Alexis

--- [hidden email] wrote:

> Hi,
>
> I have v0.9.840 working with j2sdk-1.4.2_06, and
> it's authenticating successfully against an OpenLDAP
> v2.1.27 (+kerberos) server.  
>
> After creating a new ldap/InetOrg user and seeing it
> magically appear as a New/Registered user upon
> (cold) login as that ldap user, I note that some
> fields on the xwiki user form/profile are blank tho
> the ldap entry has that information.
>
> Is this expected?
>
> I'm using this field mapping in my xwiki.cfg:
>
>
xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,company=o,ldap_dn=dn

>
> ...and "name=cn", "first_name=givenName",
> "fullname=displayName" appear to work fine, however
> the company and password fields are blank.  (I
> removed the mail=mail mapping when testing).
>
> I read some postings in the archive that mention
> concerns with providing functionality around the
> password if it comes from ldap, is that why the
> password is missing?
>
> So, I'm not using HEAD of
>
>
http://svn.forge.objectweb.org/cgi-bin/viewcvs.cgi/xwiki/xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java

>
> nor Ludovic's LDAP class (name?) with debugging.
> I'm just wondering what to expect.
>
> Thanks for any help,
> -ken
>
>
> >
> --
> You receive this message as a subscriber of the
> [hidden email] mailing list.
> To unsubscribe:
> mailto:[hidden email]
> For general help:
> mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page:
> http://www.objectweb.org/wws
>



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: question on ldap.fields_mapping (OpenLDAP)

kenk-3

Alexis,

yes that pretty much answers my question; this is my first use of ldap in
a webapp and I didn't know what to expect at all, while I have used older
versions of xwiki w/o ldap.

Having the company field and other user info fields coming from the ldap
entry is not that important to me, more a matter of curiosity.

Cheers,
Ken


On Wed, 7 Sep 2005, Alexis KARTMANN wrote:

> Hi,
> As soon as you use a valid ldap login/password to
> login to XWiki, this user will be created in XWiki.
> As fields are copied from LDAP only for first
> creation,  we don't copy password, because
> authentication (checking password) is always done
> against ldap server, even if user already exist in
> XWiki.
> "company" field should be filled with value of "o"
> attribute. I will check this asap.
> Hope this helps.
> Alexis
>
> --- [hidden email] wrote:
>
>> Hi,
>>
>> I have v0.9.840 working with j2sdk-1.4.2_06, and
>> it's authenticating successfully against an OpenLDAP
>> v2.1.27 (+kerberos) server.
>>
>> After creating a new ldap/InetOrg user and seeing it
>> magically appear as a New/Registered user upon
>> (cold) login as that ldap user, I note that some
>> fields on the xwiki user form/profile are blank tho
>> the ldap entry has that information.
>>
>> Is this expected?
>>
>> I'm using this field mapping in my xwiki.cfg:
>>
>>
> xwiki.authentication.ldap.fields_mapping=name=cn,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,company=o,ldap_dn=dn
>>
>> ...and "name=cn", "first_name=givenName",
>> "fullname=displayName" appear to work fine, however
>> the company and password fields are blank.  (I
>> removed the mail=mail mapping when testing).
>>
>> I read some postings in the archive that mention
>> concerns with providing functionality around the
>> password if it comes from ldap, is that why the
>> password is missing?
>>
>> So, I'm not using HEAD of
>>
>>
> http://svn.forge.objectweb.org/cgi-bin/viewcvs.cgi/xwiki/xwiki/trunk/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>>
>> nor Ludovic's LDAP class (name?) with debugging.
>> I'm just wondering what to expect.
>>
>> Thanks for any help,
>> -ken
>>
>>
>>>
>> --
>> You receive this message as a subscriber of the
>> [hidden email] mailing list.
>> To unsubscribe:
>> mailto:[hidden email]
>> For general help:
>> mailto:[hidden email]?subject=help
>> ObjectWeb mailing lists service home page:
>> http://www.objectweb.org/wws
>>
>
>
>


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws