Question
If access authorization is done with this module, are the users still listed in Main.TWikiUsers?
Idea: for security reasons we do not want to display user names in Main.TWikiUsers and nowhere else - except for administrators
a partial workaround is to embed the user list in
<!--
-->
but "view source" still shows everything ....
Environment
--
FerdinandGassauer - 06 Nov 2008
Answer
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
Are you referring to the
LdapContrib? That module authenticates users against LDAP or AD. The
LdapNgPlugin is used to display LDAP data in TWiki pages.
The
TWikiUsers page is updated with TWiki user registrations. With LDAP auth you can but do no need to register users in TWiki. I recommend to register (you can enforce that with the
RequireRegistrationPlugin) so that signatures point back to user homepages.
You can impose access restrictions to pages in the Main web is needed. For example, you could add a
* Set ALLOWTOPICVIEW = %WIKIUSERNAME%
bullet to the user template so that only the registered user and site admins can view user pages. If you lock down system pages in the Main web make sure to add the
TWikiRegistrationAgent to the ALLOWWEBVIEW and ALLOWWEBCHANGE settings in your Main.WebPreferences.
--
PeterThoeny - 07 Nov 2008