Tags:
create new tag
view all tags

Question

I use LdapContrib (great plugin - great work) to authenticate the users:

Configuration within lib/LocalSite.cfg (among others) is:

# define the user login name attribute
$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';
# define the user's wiki name attribute
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'cn';
# flag to remove whitespaces in wiki names that come from ldap
$TWiki::cfg{Ldap}{WikiNameRemoveWhiteSpace} = 1;
# flag indicating wether we fallback to TWikiGroups
$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 0;

## done within configure-page:
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MapUserToWikiName} = 0;
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';

With these settings, a user can login with his uid and gets logged in with his TWikiName GivennameLastname. But also Ldap-Posixgroups would be integrated into wiki as documented in LdapContrib

I just want to use LDAP to only authenticate the users. This should be setup, as diff to configuration above, with: $TWiki::cfg{UserMappingManager} = 'TWiki::Users::TWikiUserMapping'; as documented in LdapContrib. But with this setting, the user is always logged in with his uid (regardless of the setting of $TWiki::cfg{MapUserToWikiName} = 0;)

What's wrong? Can I achieve TWikiName-Mapping with the use of LDAP-cn-attribute without also using the LDAP-groups?

Environment

TWiki version: TWikiRelease04x00x04
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: SuSE 9.3
Web server: Apache2
Perl version:  
Client OS: SuSE 9.3
Web Browser: Firefox 1.5
Categories: Authentication

-- AlexanderScholler - 24 Aug 2006

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Note that I have to set (in contrast to the mentioned above) $TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1; to use group-memberships defined within TWiki.TWikiGroups But the name TWikiGroupsBackoff indicated that by enabling this parameterm the backfall is turned off. I wanted to turn it on and previously set 0, which seems to be interpreted exactly the wrong way.

A parameter-name of TWikiGroupsFallback would be better with

  • false indicating that Fallback is not done
  • true indicating that Fallback is done

-- AlexanderScholler - 24 Aug 2006

I had to change the LoginName within TWikiUsers (the second column within the User-bulleting is the loginname) for users already registered and activate AllowLoginName within configure so that the uid from LDAP can be entered as LoginName.

-- AlexanderScholler - 01 Sep 2006

Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2006-09-01 - AlexanderScholler
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.