SID-00869: Does LdapContrib handle login names for logging in?

Status:	Answered	TWiki version:	4.3.2	Perl version:	5.8.8
Category:	CategoryPlugins	Server OS:	ubuntu 5.10	Last update:	15 years ago

Does LdapContrib handle logins by login names, vs. wiki names? It appears not, esp. when you look at the LdapUserMapping code--there's no handlesUser method there.

It seems that would be necessary when Users tries to discern the correct mapping to use. Afterall, TWikiUserMapping::handlesUser uses TWikiUserMapping's own mappings to check to see whether it can handle a user and, from what I can tell, the only place where Ldap user mappings are kept are in cache.db, which handlesUser cannot get to...

-- AlexEscalona - 2010-06-16

Discussion and Answer

You can configure TWiki to login with ldap username (such as jsmith) and have user signatures and users in groups with WikiNames (such as JohnSmith).

In configure specify TWiki::Users::TWikiUserMapping for user mapping manager, and TWiki::LoginManager::LdapApacheLogin for login manager. Set {Register}{AllowLoginName} to 1. Install the RequireRegistrationPlugin to force users to register so that usermapping can work properly.

-- PeterThoeny - 2010-06-17

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2010-08-02

Hmm, seems this answer does not address my question. I need to use LdapContrib in order to authenticate users against an AD domain. Is that possible using the tools described in the response?

My particular question was about what appears to be an error in the LdapContrib code. I corrected the error by adding the following lines to LdapUserMapping.pm:

 92 sub handlesUser {
 93   my ($this, $cUID, $login, $wikiname) = @_;
 94 #print STDERR "called TWikiUserMapping::handlesUser(login=$login)\n... matches " . $this->{W2U}-> ;
 95 
 96   if (defined $cUID && !length($this->{mapping_id})) {
 97       # Handle all cUIDs if the mapping ID is not defined
 98       return 1;
 99   } else {
100       # Used when (if) TWikiUserMapping is subclassed
101       return 1 if ( defined $cUID && $cUID =~ /^($this->{mapping_id})/ );
102   }
103 
104   # Check the login id to see if we know it
105   return 1 if ($login && $this->_userReallyExists($login));
106 
107   # Check to see if the $login is a wikiname, since checkPassword
108   # sends only $login
109   if ($login) {
110     my $loginName = $this->lookupWikiName($login);
111     return 1 if defined $loginName;
112   }
113 
114   # Or the wiki name
115   if ($wikiname) {
116       my $loginName = $this->lookupLoginName($wikiname);
117       return 1 if defined $loginName;
118   }
119 
120   return 0;
121 }
122 
123 # test if the login is in the TWikiUsers topic, or in the password file
124 # depending on the AllowLoginNames setting
125 sub _userReallyExists {
126     my( $this, $login ) = @_;
127 
128     if ($TWiki::cfg{Register}{AllowLoginName}) {
129         # U2DN will restrict to only ldap-based logins and, specifically,
130         # those with DN's, which should be OK
131         # since the base user mapping handles everything else 
132         return 1 if (defined($this->{ldap}->getDnOfLogin($login)));
133     }
134 
135     if ($this->{passwords}->canFetchUsers()) {
136         # AllowLoginName mapping failed, maybe the user is however
137         # present in the TWiki managed pwd file
138         # can use the password file if available
139         my $pass = $this->{passwords}->fetchPass( $login );
140         return unless (defined($pass));
141         return if ("$pass" eq "0"); # login invalid... (SMELL: what
142         # does that really mean)
143         return 1;
144      } else {
145         # passwd==none case generally assumes any login given exists...
146          # (not positive if that makes sense for rego..)
147         return 0;
148      }
149 
150     return 0;
151 }

-- AlexEscalona - 2010-09-22

Thanks for posting this. Could you post a diff of your changes or point out which lines you changed?

-- PeterThoeny - 2010-09-22

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2010-11-08

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.