This question about LDAP: More info required

LDAP used only for authentication, not WikiName building.

I can't seem to do what I think is the simplest of use cases for LdapContrib. I have a userbase with conventional TopicMapping, but want to use LDAP so they don't have to remember different passwords. I am able to get a login name from registration and successfully search our LDAP server, but then I am logged in with an ugly userid instead of a WikiName. The documentation indicates that I can build a WikiName from LDAP info (say givenName, sn), but my users already typed that in during Registration and already have a Main.WikiName topic, so why try and re-assemble it. I can't seem to figure out how to get a WikiName from a login name (userid).

-- JohnKern - 24 Mar 2010

Is there a reason you keep using the standard registration? In our setup, we use LdapContrib together with NewUserPlugin to create user pages on the first login. So, the users never have to fill in a registration form as the information is already stored in our LDAP database. The wikinames are then created/mapped using $Foswiki::cfg{Ldap}{WikiNameAttribute} = 'givenName, sn';

-- MartinKaufmann - 24 Mar 2010

Perhaps (likely) I don't understand well enough what LdapContrib is trying to do. I installed the plugins you mention and they seem to be working. Unclear to me if or how a new WikiName topic gets created although I am able to obtain LDAP info into my NewUserPlugin. Setting NEWUSERTEMPLATE in SitePreferences didn't seem to do anything different. Is there some way to dump out the contents of the LDAP cache? Should it try to obtain cached data for everyone who logs in, or everyone who appears in FoswikiUsers? Shouldn't it not say "Oops: we could not recognize you. Try again or reset your password" when a bad password is given?

-- JohnKern - 24 Mar 2010

It might be best to let us know what exactly you're trying to achieve.

I can try to describe our setup to get you an idea of what works.
  • We're using LdapContrib to access our LDAP database (in our case ActiveDirectory).
  • All our user and login information is stored in this database and no registration is required in Foswiki.
  • We don't use a WikiUsers topic.
  • The PasswordManager and UserMappingManager have to be set to use LdapContrib (see the config below).
  • Our LdapContrib settings are the following:
    $Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::TemplateLogin';
    $Foswiki::cfg{UserMappingManager} = 'Foswiki::Users::LdapUserMapping';
    $Foswiki::cfg{PasswordManager} = 'Foswiki::Users::LdapPasswdUser';
    $Foswiki::cfg{Ldap}{SecondaryPasswordManager} = 'none';
    $Foswiki::cfg{Ldap}{Host} = 'ldap-server';
    $Foswiki::cfg{Ldap}{Port} = 389;
    $Foswiki::cfg{Ldap}{Version} = '3';
    $Foswiki::cfg{Ldap}{Base} = 'dc=location,dc=company,dc=local';
    $Foswiki::cfg{Ldap}{BindDN} = 'cn=bin-user,ou=Users,dc=location,dc=company,dc=local';
    $Foswiki::cfg{Ldap}{BindPassword} = 'secretpassword';
    $Foswiki::cfg{Ldap}{UseSASL} = 0;
    $Foswiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
    $Foswiki::cfg{Ldap}{UseTLS} = 0;
    $Foswiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
    $Foswiki::cfg{Ldap}{TLSVerify} = 'require';
    $Foswiki::cfg{Ldap}{TLSCAPath} = '';
    $Foswiki::cfg{Ldap}{TLSCAFile} = '';
    $Foswiki::cfg{Ldap}{TLSClientCert} = '';
    $Foswiki::cfg{Ldap}{TLSClientKey} = '';
    $Foswiki::cfg{Ldap}{Debug} = 0;
    $Foswiki::cfg{Ldap}{UserBase} = 'dc=location,dc=company,dc=local';
    $Foswiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
    $Foswiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
    $Foswiki::cfg{Ldap}{WikiNameAttribute} = 'givenName, sn';
    $Foswiki::cfg{Ldap}{NormalizeWikiNames} = 1;
    $Foswiki::cfg{Ldap}{NormalizeLoginNames} = 1;
    $Foswiki::cfg{Ldap}{WikiNameAliases} = '';
    $Foswiki::cfg{Ldap}{AllowChangePassword} = 0;
    $Foswiki::cfg{Ldap}{SecondaryPasswordManager} = 'none';
    $Foswiki::cfg{Ldap}{GroupBase} = 'ou=group,dc=location,dc=company,dc=local';
    $Foswiki::cfg{Ldap}{GroupFilter} = 'objectClass=posixGroup';
    $Foswiki::cfg{Ldap}{GroupAttribute} = 'cn';
    $Foswiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
    $Foswiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
    $Foswiki::cfg{Ldap}{MemberIndirection} = 0;
    $Foswiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
    $Foswiki::cfg{Ldap}{NormalizeGroupNames} = 0;
    $Foswiki::cfg{Ldap}{MapGroups} = 0;
    $Foswiki::cfg{Ldap}{RewriteGroups} = {};
    $Foswiki::cfg{Ldap}{MergeGroups} = 0;
    $Foswiki::cfg{Ldap}{MaxCacheAge} = 86400;
    $Foswiki::cfg{Ldap}{PageSize} = 500;
    $Foswiki::cfg{Ldap}{Exclude} = 'WikiGuest, ProjectContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup';
    Btw, we're not using group mapping, so this part doesn't work.
  • The following plugins have to be installed and enabled: NewUserPlugin, LdapNgPlugin, GluePlugin.
  • In SitePreferences we've got the following setting: Set NEWUSERPLUGIN_NEWUSERTEMPLATE = NewLdapUserTemplate
  • The Topic Web.NewLdapUserTemplate has the following content:
    ---+ %SPACEOUT{"%WIKINAME%"}% @ <nop>%WIKITOOLNAME%
    %INCLUDE{"RenderLdapUser" KEY="%USERNAME%"}%
    <!--
       * Set ALLOW<nop>TOPICCHANGE = %WIKIUSERNAME%
    -->
    (Remove the <nop> to get it working.)
  • I've adjusted the topic Web.RenderLdapUser:
    %STARTINCLUDE%
    %~~ LDAP{"(&(objectClass=user)(sAMAccountName=%KEY%))" 
    ~~~   clear="$jpegPhoto,$cn,$mail,$telephoneNumber,$o,$postalAddress"
    ~~~   limit="1"
    ~~~   format="
    ~~~     <div class=\"alt\">
    ~~~     <table cellspacing=\"5\">
    ~~~     <tr>
    ~~~       $percntIFDEFINEDTHEN{\"$jpegPhoto\" as=\"$[j]pegPhoto\"}$percnt
    ~~~       <td valign=\"top\">
    ~~~         <img src=\"$jpegPhoto\" alt=\"$cn\" title=\"$cn\" width=\"100px\">
    ~~~       </td>
    ~~~       $percntFIDEFINED$percnt
    ~~~       <td valign=\"top\">
    ~~~         <table>
    ~~~           <tr><th>Name:</th>
    ~~~               <td> $cn </td></tr>
    ~~~           <tr><th>Email:</th>
    ~~~               <td> $mail </td></tr>
    ~~~           <tr><th>Tel:</th>
    ~~~               <td> $telephoneNumber </td></tr>
    ~~~           <tr><th>Initials:</th>
    ~~~               <td> $initials </td></tr>
    ~~~           <tr><th>Login:</th>
    ~~~               <td> $sAMAccountName</td></tr>
    ~~~         </table>
    ~~~       </td>
    ~~~     </tr>
    ~~~    </table>
    ~~~    </div>"
    ~~~ }%
    %STOPINCLUDE%
-- MartinKaufmann - 25 Mar 2010
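
An added check of the transport settings in the configuration above (not part of the original post and not LdapContrib code): with UseTLS = 0 and UseSASL = 0, bind credentials reach the LDAP server in a cleartext simple bind. The `audit_ldap_transport` helper and the CA file path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Transport-related values copied from the settings in the post above.
my %posted = (
    UseSASL   => 0,
    UseTLS    => 0,
    TLSVerify => 'require',
    TLSCAPath => '',
    TLSCAFile => '',
);

# Hardened variant (assumption: the CA file path is a placeholder).
my %hardened = (%posted, UseTLS => 1, TLSCAFile => '/path/to/ldap-ca.pem');

# Return a list of findings for one {Ldap} settings hash.
sub audit_ldap_transport {
    my ($cfg) = @_;
    my @findings;
    if (!$cfg->{UseTLS}) {
        push @findings, $cfg->{UseSASL}
          ? 'UseTLS=0: session is unencrypted; protection depends on the SASL mechanism'
          : 'UseTLS=0 and UseSASL=0: bind passwords cross the network in cleartext';
        return @findings;
    }
    # TLS is on: the certificate must be verified, and against a known CA.
    push @findings, 'TLSVerify is not "require": server certificate is not strictly verified'
      unless ($cfg->{TLSVerify} // '') eq 'require';
    push @findings, 'no TLSCAFile or TLSCAPath: nothing to verify the server certificate against'
      unless $cfg->{TLSCAFile} || $cfg->{TLSCAPath};
    return @findings;
}

for my $case ([posted => \%posted], [hardened => \%hardened]) {
    my ($label, $cfg) = @$case;
    my @findings = audit_ldap_transport($cfg);
    print "$label:\n";
    print "  - $_\n" for (@findings ? @findings : 'no findings');
}
```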

Thanks Martin. What you suggest is very close to what I have and what I want. So, you are using as the "truth" the user login. Can't I still have the FoswikiUsers topic so that my boss can see how many and who the users are? Don't I still need to have WikiWord topics because I already have a userbase and they have already made edits? I can't determine if LdapUserTemplate creates the user topic and/or establishes the map between the WikiName and the login because neither NEWUSERPLUGIN_NEWUSERTEMPLATE = nor (the documented) NEWUSERTEMPLATE = in SitePreferences seem to make any difference. Also, I sure would like more visibility into the cache contents. When I have preCaching turned on, my apache_error.log file fills up with messages like "bad search" while downloading the whole LDAP directory. Yet when turned off, my jkern3 login works just fine with my corporate password, and JohnKern appears on the upper left. I'm very close...

-- JohnKern - 26 Mar 2010

I don't know if I understand all your questions but I give it a go:
  • WikiUsers is not created/maintained if LdapContrib is used. I don't know any (simple) way around it. You might get the information you're looking for from WebStatistics. Or just extract it from the log files.
  • NewUserPlugin doesn't do any mapping between login and wikiname. This is done by LdapContrib. To find out if NewUserPlugin works, you would have to log in with a username without existing user topic in the Main web. How do you determine that the NEWUSERTEMPLATE setting doesn't make any difference?
  • User topics in Main web are still used for per-user preferences.
  • Regarding preference settings in general: They can either be set in the plugin topic (which isn't recommended as this topic will be overwritten when upgrading the plugin) or in SitePreferences where each setting has to be prefixed with the plugin name (e.g. NEWUSERPLUGIN_NEWUSERTEMPLATE).
  • There is a configure setting {Ldap}{Debug} which enables logging to debug.txt. However, per default, most debugging messages are turned off in the source. To enable them you have to edit lib/Foswiki/Contrib/LdapContrib.pm (remove the comment character # in front of writeDebug messages you're interested in).
  • The database cache is stored in working/work_areas/LdapContrib/cache.db, however, it's a Berkeley DB file, not plain text (use db_dump -p to get the content out).
If you describe exactly what behaviour you expect and what errors you get, we might give you more specific help.

-- MartinKaufmann - 26 Mar 2010

In my development Foswiki, I have installed:
#  LdapNgPlugin  (v3.01, $Rev: 5549 (2009-11-17) $): Query and display data from an LDAP directory
# NewUserPlugin (v2.10, $Rev: 3642 (2009-04-23) $): Create a user topic if it does not exist yet 
and
LdapContrib
In my SitePreferences, I have:
---+++ ReVector the !NewUserTemplate for LDAP integration
   * Set NEWUSERPLUGIN_NEWUSERTEMPLATE = %SYSTEMWEB%.NewLdapUserTemplate
When a visitor to the wiki arrives, he sees:
    * Log In or Register
and when he chooses Register, it shows (in a topic called System/UserRegistration):
Registration

To edit pages on this Foswiki site, you must have a registered user name and password.

HELP Note: Registered users can change and reset their passwords.

Important: the information provided in this form will be stored in a database on the Foswiki server. This database is accessible to anyone who can access the server through the web (though passwords will be encrypted, and e-mail addresses will be obfuscated to help prevent spamming). Your country, or the country where the server is hosted, may have Data Protection laws governing the maintenance of such databases. If you are in doubt, you should contact jkern3@visteon.com for details of the Data Protection Policy of this Foswiki server before registering.

To register as a new user, simply fill out this form:

Fields marked ** are required
First Name:    **
Last Name:    **
(identifies you to others) WikiName:    **
(how you log in) LoginName:    **
E-mail address:    **
...
I was expecting a page where it said something like: "Enter your corporate login and password and we'll take care of the rest" "to include the generation of your own personal topic (named WikiName) where you can add additional data about yourself". I'm particularly concerned about the part indicating that "Registered users can change and reset their passwords".

When I turn on precaching, my apache_error.log file fills up with hundreds of entries like:
...
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] [Wed Mar 24 17:46:39 2010] login: Use of uninitialized value in string ne at F:/www/Foswiki/lib/Foswiki/Contrib/LdapContrib.pm line 1112, <DATA> line 830., referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - WARNING: different CN=LDHARMAD,CN=Users,DC=vistcorp,DC=ad,DC=visteon,DC=com on old loginName 'ldharmad', referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - called cacheUserFromEntry(), referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - WARNING: no WikiNameAttributes found for CN=JRYLE,CN=Users,DC=vistcorp,DC=ad,DC=visteon,DC=com ... deriving WikiName from LoginName: 'jryle', referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] [Wed Mar 24 17:46:39 2010] login: Use of uninitialized value in string ne at F:/www/Foswiki/lib/Foswiki/Contrib/LdapContrib.pm line 1112, <DATA> line 830., referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - WARNING: different CN=JRYLE,CN=Users,DC=vistcorp,DC=ad,DC=visteon,DC=com on old loginName 'jryle', referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - called cacheUserFromEntry(), referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - WARNING: no WikiNameAttributes found for CN=SBOUMAIZ,CN=Users,DC=vistcorp,DC=ad,DC=visteon,DC=com ... deriving WikiName from LoginName: 'sboumaiz', referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] [Wed Mar 24 17:46:39 2010] login: Use of uninitialized value in string ne at F:/www/Foswiki/lib/Foswiki/Contrib/LdapContrib.pm line 1112, <DATA> line 830., referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - WARNING: different CN=SBOUMAIZ,CN=Users,DC=vistcorp,DC=ad,DC=visteon,DC=com on old loginName 'sboumaiz', referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - called cacheUserFromEntry(), referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - givenName=Maria, referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - sn=Acosta, referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] [Wed Mar 24 17:46:39 2010] login: Use of uninitialized value in string ne at F:/www/Foswiki/lib/Foswiki/Contrib/LdapContrib.pm line 1112, <DATA> line 830., referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - WARNING: different CN=MACOSTA,CN=Users,DC=vistcorp,DC=ad,DC=visteon,DC=com on old loginName 'macosta', referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
[Wed Mar 24 17:46:39 2010] [error] [client 136.18.75.198] - LdapContrib - called cacheUserFromEntry(), referer: http://swdata/Foswiki/bin/login/System/NewLdapUserTemplate
...
as if it were visiting all possible LDAP entries instead of the dozen or so users that currently exist, yet when precaching is off and I try to login, it works.
[Fri Mar 26 15:37:27 2010] [error] [client 136.18.75.198] - LdapContrib - cacheAge=77839, maxCacheAge=86400, lastUpdate=1269554403, refresh=0
[Fri Mar 26 15:37:27 2010] [error] [client 136.18.75.198] - LdapUserMapping - called LdapUserMapping::getWikiName(jkern3)
[Fri Mar 26 15:37:27 2010] [error] [client 136.18.75.198] - LdapUserMapping - returning JohnKern

If I look at: F:/www/Foswiki/lib/Foswiki/Contrib/LdapContrib.pm lines 1111 thru 1115, it shows:
  # is there an old mapping where this dn was matched to a different wikiName?
  if ($this->{data} && $this->{data}{"U2DN::$loginName"} ne $dn) {
    writeWarning("different $dn on old loginName '$loginName'");
    # what to do?
  }
so I don't know what perl may be complaining about, except that perhaps there is no value for U2DN::$loginName in the cache

So, looking in the cache, the only entry in cache.db seems to be:
F:\www\Foswiki\working\work_areas\LdapContrib>\installs\TWiki\berkeley\db_dump.exe -p  cache.db
VERSION=3
format=print
type=hash
h_nelem=2
db_pagesize=8192
HEADER=END
 UNKWNUSERS
 foswikiadmingroup
 lastUpdate
 1269554403
DATA=END

So basically, I feel that the Registration page should be only asking for a login and password, instead of the old page. And when precaching is turned on, I'm not seeing what I expect in either the cache.db or the apache_error.log.

I'll try turning on debugging and see if it provides more insight.

-- JohnKern - 26 Mar 2010
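
An added example (not part of the original post and not LdapContrib's own code) that ties the db_dump listing to the Perl warning quoted above: it parses the `db_dump -p` output into key/value pairs and shows that, with no `U2DN::` entry in the cache, the `ne` comparison sees an undefined left operand, warns, and still evaluates to true. The `parse_db_dump` and `dn_changed` helpers and the sample login and DN are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed input: the `db_dump -p cache.db` listing quoted in the post above.
my $dump = <<'END_DUMP';
VERSION=3
format=print
type=hash
h_nelem=2
db_pagesize=8192
HEADER=END
 UNKWNUSERS
 foswikiadmingroup
 lastUpdate
 1269554403
DATA=END
END_DUMP

# Parse `db_dump -p` text: "name=value" header lines up to HEADER=END, then
# alternating key and value lines (each prefixed by one space) up to DATA=END.
# Backslash escapes that db_dump emits for non-printable bytes are left as-is.
sub parse_db_dump {
    my ($text) = @_;
    my (%header, %data, $in_data, $pending_key);
    for my $line (split /\r?\n/, $text) {
        if (!$in_data) {
            if ($line eq 'HEADER=END') { $in_data = 1; next; }
            my ($name, $value) = split /=/, $line, 2;
            $header{$name} = $value if defined $value;
            next;
        }
        last if $line eq 'DATA=END';
        $line =~ s/^ //;
        if (defined $pending_key) {
            $data{$pending_key} = $line;
            undef $pending_key;
        }
        else {
            $pending_key = $line;
        }
    }
    return (\%header, \%data);
}

# Guarded form of the quoted comparison: report a changed DN only when an old
# mapping exists for this login (hypothetical helper, not LdapContrib code).
sub dn_changed {
    my ($data, $login, $dn) = @_;
    my $old = $data->{"U2DN::$login"};
    return 0 unless defined $old;
    return $old ne $dn ? 1 : 0;
}

my ($header, $data) = parse_db_dump($dump);
printf "h_nelem=%d, parsed %d record(s)\n", $header->{h_nelem}, scalar(keys %$data);
printf "  %-12s => %s\n", $_, $data->{$_} for sort keys %$data;
printf "U2DN:: entries: %d\n", scalar(grep { /^U2DN::/ } keys %$data);

# Constructed login and DN, used only to exercise the comparison.
my ($login, $dn) = ('jdoe', 'CN=JDOE,CN=Users,DC=example,DC=com');

# Unguarded comparison as quoted from line 1112: the missing key yields undef,
# Perl warns, and undef compares as '' so the test is true for every new user.
{
    local $SIG{__WARN__} = sub { print "perl warning: $_[0]" };
    my $differs = $data->{"U2DN::$login"} ne $dn;
    print "unguarded: ", ($differs ? "reports a different DN" : "no change"), "\n";
}
print "guarded:   ",
  (dn_changed($data, $login, $dn) ? "reports a different DN" : "no old mapping, nothing reported"), "\n";
```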

I can answer your question about the registration topic. LdapContrib only replaces the password manager but doesn't touch any system topics in your wiki. This is up to you. I removed all links to the registration form and set AUTHREALM to something like please enter your corporate user name and password.

I don't know about pre-caching or your specific question about the LdapContrib code. As LdapContrib doesn't know which LDAP users have already accessed the wiki, it has to query the whole directory (according to your setup). That's why I expect to see a lot of entries in the cache (or pre-cache). AFAIK there is (or used to be) a performance hit when working with big LDAP directories. The latest version should contain a fix for this issue. If you come across a bug in the code, please raise a task.

-- MartinKaufmann - 29 Mar 2010

Thanks Martin. It's taken me a long time to digest what you have said. I think that what I am looking for (only LDAP password management) is perhaps far less exotic than what you are doing (by which I mean closer to the Foswiki delivered "standard"). The remaining questions are:
  1. I want my users to register, so that they can be enumerated and popularity can be measured. It's unclear if I could have intercepted the registration page in a non-upgrade-overwritable manner, so I copied it to a LdapUserRegistration topic in System, and pointed to it from System/WebLeftBarLogin (which might be overwritten as well.) I set AllowLoginName and described it using our company's nomenclature.
  2. My Indian users might not be bound by the givenName|sn conventions, so I'm not disappointed about the ability to pick a better WikiName.
  3. I can't figure out how to intercept the login process (as it's not directly referenced in the System/WebLeftBarLogin topic). The contents of my AUTHREALM variable are not now echoed in my login page, so it is not clear how changes there would be realized.
  4. Despite the fact that I cannot remind users to utilize their corporate credentials, I am able to login using them, and therefore LDAP must be working.
  5. I have Precaching turned off (and debugging turned on), yet my apache_error.log shows that LDAP searches are being done for people like "baseusermapping_222", "baseusermapping_333", "twikicontributor", "projectcontributer", and "peterthoeny" who do not appear in my Main.Foswiki list, but who may well appear in the %META:TOPICINFO(author= fields of topics I have edited. I still cannot figure out what LdapContrib is trying to do.
-- JohnKern - 09 Apr 2010

If I understand you correctly, you're trying to do more than just LDAP password management as you want to have all the users registered in Foswiki as well. I don't think this is possible with LdapContrib out of the box. Regarding your questions, I can't answer any of them but I can comment on some of them. You might want to head over to Foswiki's IRC channel to get help from the developers.
  1. Why do you need a registration page in the first place? On our system, no-one has to register as they are already stored in LDAP. I just deleted all links pointing to the registration page.
  2. I don't get your question there.
  3. Are you using PatternSkin (the default one)? AUTHREALM should be picked up by Pattern skin. You might want to look into templates. We created a template file called template/login.mycompany.tmpl where we included all our customisations to the default login page. In SitePreferences you then write SET SKIN = mycompany,pattern to overwrite the default skin.
  4. That should be solved using the above information.
  5. There are some built-in users but if they are included in {Ldap}{Exclude} they shouldn't be looked up in LDAP.
-- MartinKaufmann - 12 Apr 2010

Out of the box Foswiki requires users to register, so I am indeed trying to use LDAP for only password management. I can see the value of everyone being auto registered, but I "prefer" to be able to enumerate the users who are contributing. Although I don't want to delete all the links pointing to the registration page, I do want to re-vector them all (to a place where I can remind them what to register as their LoginName), but it is unclear if I can know where they all are. It seems there is not a configuration setting, nor system variable, nor overloadable template to override from say the SitePreferences topic. One reference is in the System/WebLeftBarLogin topic, but I'm not sure if there are others.

I "prefer" that my users can utilize non LDAP-specified WikiName conventions. For instance, LDAP might be forcing your users to have a WikiName of RobertSomething when they prefer to use BobSomething to sign their edits. Some Indian or Chinese users might not prefer to use the {givenName , surName} conventions that an LDAP query might deliver.

I use the default PatternSkin, but the content of my AUTHREALM variable does not appear anywhere on my login screen. I'll have a look at the templates for logging in. Skin template syntax and pattern overloading seems kind of harsh for what I consider the simplest case of LDAP usage, simple password matching. Yet finding all the places where users are erroneously told they can change their passwords from the wiki is proving to be tedious.

If LdapContrib is trying to query for "baseusermapping_222", "baseusermapping_333", and "peterthoeny", who knows how big my {Ldap}{Exclude} setting could grow. I wish I could better understand what it is trying to do.

Finally, I'm restricted from chatting from my work, and by the time I'm ready, most developers (but not all ;-) are thinking about sleep. If I do get a hold of somebody, I'll reference this page.

-- JohnKern - 12 Apr 2010

I see from the discussions on http://foswiki.org/Development/SystemTopicsUpdateMethod that I am probably not the first to observe the difficulties in adjusting the UserRegistration and WikiUsers mechanisms.

-- JohnKern - 12 Apr 2010

I came across this page while hunting for LDAP group advice, but have an answer for part of the issue, though not the user mapping and mystery user lookup entries. I thought I'd edit in what I can answer so at least it'll be available for any future reference :-)

To get a WikiUsers page while using LDAP, replace the page's original content with %LDAPUSERS{}% - this will generate a list of users that have logged in to the wiki, and thus are a fair bit more likely to contribute than those that have never logged in yet :-)

Not quite sure how it would interact with an existing set of non-LDAP generated user pages. In my case I migrated on to a new server and excluded all the user pages to let the new LDAP setup and NewUserPlugin create new pages for everybody.

That macro comes from LdapNgPlugin

-- RasmusPraestholm - 15 Sep 2010

I recently migrated to Foswiki from TWiki and excluded all the user pages. Authentication is done only in OpenLDAP. Our LDAP has the following attributes:
dn: uid=jarbas.peixoto,ou=Usuarios,dc=teste
givenName: Jarbas
sn: Peixoto
uid: jarbas.peixoto
mail: jarbas.peixoto@previdencia.gov.br
cn: Jarbas Peixoto Junior
o: DATAPREV

Apache has been configured to authenticate with the uid as follows
  • File /etc/foswiki/apache.conf
...
AuthType Basic
AuthName "Informe IDENTIFICADOR e SENHA do OpenLdap (Acesso Restrito para a DATAPREV)"
AuthBasicProvider "ldap" "file"
AuthLDAPURL "ldap://mmldap:389/ou=Usuarios,dc=teste?uid,mail,cn?sub?(|(objectClass=shadowAccount)(o=DATAPREV))"
AuthLDAPRemoteUserAttribute uid
AuthzLdapAuthoritative Off
AuthUserFile /var/lib/foswiki/data/.htpasswd
...
When authentication occurs, the WikiName is the uid, which is not a WikiWord. Then the automatic creation of the User Topic does not work.

I made a small change so that the uid is a WikiWord:
  • File /var/lib/foswiki/lib/Foswiki/Users.pm
...
        # needs to be WikiName safe
        #BEGIN: uppercase first char (jarbas.junior@gmail.com)
        my @words;
        @words = ( $this->{cUID2WikiName}->{$cUID} =~ /(\w+)(\W?)/g );
        for (my $i = 0; $i < @words; $i++) {
                $words[$i]=ucfirst($words[$i]);
        }
        $this->{cUID2WikiName}->{$cUID} = join("",@words);
        #END: uppercase first char (jarbas.junior@gmail.com)
        $this->{cUID2WikiName}->{$cUID} =~ s/$Foswiki::cfg{NameFilter}//go;
...
Now, when authentication occurs, the User Topic is created normally and I use the permission of local groups.

-- JarbasJunior - 17 Sep 2010
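
An added example (not part of the original post and not Foswiki code) of deriving a WikiName from a login such as `jarbas.peixoto`, with a check a wiki administrator would want before relying on it: two different logins that collapse to the same WikiName share one identity for user topics and access settings such as ALLOWTOPICCHANGE. Unlike the change quoted above, separators are dropped during the split; the helper names, the simplified WikiWord pattern and all sample logins other than `jarbas.peixoto` are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Derive a WikiName candidate from a login: split on every character that is
# not an ASCII letter or digit, upper-case the first letter of each part, and
# join the parts. Assumption: separators are dropped here rather than left
# for {NameFilter} to remove.
sub login_to_wikiname {
    my ($login) = @_;
    my @parts = grep { length } split /[^A-Za-z0-9]+/, $login;
    return join '', map { ucfirst($_) } @parts;
}

# Simplified ASCII test for a WikiWord (assumption): upper-case letters,
# then lower-case letters or digits, then another upper-case letter.
sub is_wikiword {
    my ($name) = @_;
    return $name =~ /^[A-Z]+[a-z0-9]+[A-Z]+[A-Za-z0-9]*$/ ? 1 : 0;
}

# Group logins by derived name and keep the names claimed by more than one.
sub find_collisions {
    my @logins = @_;
    my %by_name;
    push @{ $by_name{ login_to_wikiname($_) } }, $_ for @logins;
    my %collisions;
    for my $name (keys %by_name) {
        $collisions{$name} = $by_name{$name} if @{ $by_name{$name} } > 1;
    }
    return \%collisions;
}

# Constructed sample logins; only jarbas.peixoto appears in the post above.
my @logins = qw(jarbas.peixoto jarbas-peixoto jarbaspeixoto maria.acosta jsilva);

for my $login (@logins) {
    my $name = login_to_wikiname($login);
    printf "%-16s -> %-14s %s\n", $login, $name,
      is_wikiword($name) ? 'WikiWord' : 'not a WikiWord';
}

my $collisions = find_collisions(@logins);
for my $name (sort keys %$collisions) {
    print "collision: $name <- @{ $collisions->{$name} }\n";
}
```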

I'm currently working with a client that is using TWiki 6.0 and LDAP. The LDAP login (usernames) are converted to WikiWord names using the FirstLast field of the LDAP record. This allows a UserList, a nice employee directory, automatic "registration" and user page creation on first login, and WikiName home pages (which are needed because otherwise, how do you do preferences??)

I don't know if this is something that was added in the past 7 years, but I am assuming this capability is in Foswiki's version of LdapContrib as well.

I wish I could say how this is being done, but I didn't do it.

-- VickiBrown - 05 April 2017

QuestionForm

Subject LDAP
Extension LdapContrib
Version Foswiki 1.0.9
Status More info required
Related Topics
Topic revision: r20 - 05 Apr 2017, VickiBrown