This question about LDAP: Asked

LDAP Users and Groups in WebNotify

Our installations of Foswiki correctly use LDAP users and groups for authentication and authorization. One idiosyncrasy I've noticed is that LDAP users and groups can be used directly in access control settings, but groups must be enclosed by single quotes in WebNotify pages.

For example, if we have an LDAP group called "somegroup", the following works:

Set ALLOWWEBCHANGE = somegroup

But in WebNotify it must be specified as:

   * 'somegroup'

Likewise a username can be used in an ACL, but cannot be used in WebNotify. In WebNotify, the WikiName must be used instead of the username (regardless of whether or not the username is enclosed by single quotes).

-- DevinBougie - 06 Jun 2013

How did you get Group notifications to work? Mine don't work with either quotes or no quotes, even though user notifications work.

-- JoeSemhen - 26 Aug 2013

I have tried to use a WikiGroup that points to some LDAP usernames. My WikiGroup is working for access control but WebNotify doesn't work when I use my WikiGroup. WebNotify only works fine when I put complete email addresses. How should I write my WikiGroup in this case? Is a WikiGroup pointing to LDAP usernames supposed to work?

-- AmadeuJunior - 13 Jan 2014

I believe it should. Just in case it helps, here's our (sanitized) LDAP config that works with our Active Directory 2008 R2.

[root@lnx03 ~]# grep -i ldap /path/to/wiki/lib/LocalSite.cfg
$Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::LdapApacheLogin';
$Foswiki::cfg{UserMappingManager} = 'Foswiki::Users::LdapUserMapping';
$Foswiki::cfg{PasswordManager} = 'Foswiki::Users::LdapPasswdUser';
$Foswiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;
$Foswiki::cfg{Plugins}{LdapNgPlugin}{Module} = 'Foswiki::Plugins::LdapNgPlugin';
$Foswiki::cfg{Ldap}{PersonDataForm} = 'UserForm';
$Foswiki::cfg{Ldap}{PersonAttribures} = {
$Foswiki::cfg{Ldap}{IndexEmails} = 0;
$Foswiki::cfg{Ldap}{PreferLocalSettings} = 0;
$Foswiki::cfg{Ldap}{DefaultCacheExpire} = '';
$Foswiki::cfg{Ldap}{Host} = 'ldaps://our.domain.controller';
$Foswiki::cfg{Ldap}{Port} = '636';
$Foswiki::cfg{Ldap}{Version} = '3';
$Foswiki::cfg{Ldap}{Base} = 'dc=our,dc=domain,dc=com';
$Foswiki::cfg{Ldap}{BindDN} = 'wikiuser@OUR.DOMAIN.COM';
$Foswiki::cfg{Ldap}{BindPassword} = 'password';
$Foswiki::cfg{Ldap}{CharSet} = 'utf-8';
$Foswiki::cfg{Ldap}{UseSASL} = 0;
$Foswiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$Foswiki::cfg{Ldap}{UseTLS} = 1;
$Foswiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
$Foswiki::cfg{Ldap}{TLSVerify} = 'require';
$Foswiki::cfg{Ldap}{TLSCAPath} = '/etc/pki/tls/certs';
$Foswiki::cfg{Ldap}{TLSCAFile} = '';
$Foswiki::cfg{Ldap}{TLSClientCert} = '';
$Foswiki::cfg{Ldap}{TLSClientKey} = '';
$Foswiki::cfg{Ldap}{Debug} = 0;
$Foswiki::cfg{Ldap}{UserBase} = [
$Foswiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$Foswiki::cfg{Ldap}{UserScope} = 'one';
$Foswiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$Foswiki::cfg{Ldap}{MailAttribute} = 'mail';
$Foswiki::cfg{Ldap}{WikiNameAttributes} = 'givenName, sn';
$Foswiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$Foswiki::cfg{Ldap}{NormalizeLoginNames} = 1;
$Foswiki::cfg{Ldap}{CaseSensitiveLogin} = 1;
$Foswiki::cfg{Ldap}{WikiNameAliases} = '';
$Foswiki::cfg{Ldap}{RewriteWikiNames} = {
$Foswiki::cfg{Ldap}{AllowChangePassword} = 0;
$Foswiki::cfg{Ldap}{SecondaryPasswordManager} = 'none';
$Foswiki::cfg{Ldap}{GroupBase} = [
$Foswiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$Foswiki::cfg{Ldap}{GroupScope} = 'one';
$Foswiki::cfg{Ldap}{GroupAttribute} = 'name';
$Foswiki::cfg{Ldap}{PrimaryGroupAttribute} = 'primaryGroupID';
$Foswiki::cfg{Ldap}{MemberAttribute} = 'member';
$Foswiki::cfg{Ldap}{InnerGroupAttribute} = 'member';
$Foswiki::cfg{Ldap}{MemberIndirection} = 1;
$Foswiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$Foswiki::cfg{Ldap}{NormalizeGroupNames} = 0;
$Foswiki::cfg{Ldap}{MapGroups} = 1;
$Foswiki::cfg{Ldap}{RewriteGroups} = {
$Foswiki::cfg{Ldap}{MergeGroups} = 0;
$Foswiki::cfg{Ldap}{MaxCacheAge} = '60';
$Foswiki::cfg{Ldap}{Precache} = 1;
$Foswiki::cfg{Ldap}{PageSize} = 500;
$Foswiki::cfg{Ldap}{Exclude} = 'WikiGuest, ProjectContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup, AdminUser, admin, guest';
$Foswiki::cfg{NewUserPlugin}{NewUserTemplate} = '%SYSTEMWEB%.NewLdapUserTemplate';

-- DevinBougie - 16 Jan 2014
 

QuestionForm

Subject LDAP
Extension LdapContrib
Version Foswiki 1.1.8
Status Asked
Related Topics
Topic revision: r6 - 16 Jan 2014, DevinBougie