Tags:
create new tag
view all tags

Question

If access authorization is done with this module, are the users still listed in Main.TWikiUsers?

Idea: for security reasons we do not want to display user names in Main.TWikiUsers and nowhere else - except for administrators

a partial workaround is to embed the user list in

<!--

-->
but "view source" still shows everything ....

Environment

TWiki version: TWikiRelease04x02x03
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS:  
Web server:  
Perl version:  
Client OS:  
Web Browser:  
Categories: Security

-- FerdinandGassauer - 06 Nov 2008

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Are you referring to the LdapContrib? That module authenticates users against LDAP or AD. The LdapNgPlugin is used to display LDAP data in TWiki pages.

The TWikiUsers page is updated with TWiki user registrations. With LDAP auth you can but do no need to register users in TWiki. I recommend to register (you can enforce that with the RequireRegistrationPlugin) so that signatures point back to user homepages.

You can impose access restrictions to pages in the Main web is needed. For example, you could add a * Set ALLOWTOPICVIEW = %WIKIUSERNAME% bullet to the user template so that only the registered user and site admins can view user pages. If you lock down system pages in the Main web make sure to add the TWikiRegistrationAgent to the ALLOWWEBVIEW and ALLOWWEBCHANGE settings in your Main.WebPreferences.

-- PeterThoeny - 07 Nov 2008

Change status to:
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2008-11-07 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.