Details
-
Bug
-
Resolution: Won't Fix
-
Critical
-
None
-
3.4
-
None
-
linux, tomcat 6, Active Directory
-
rights, ldap, group-mapping, active directory
-
Unknown
-
Description
I`m not sure if this is a Bug, maybe from your point it is a feature but I got following problem since I updated XWiki from Version 3.1.1 to 3.4.
I got Ldap-Group-Mapping configured as follows:
xwiki.authentication.ldap.group_mapping=XWiki.IT=CN=FCT_IT,OU=IT,OU=Functions,OU=SecurityGroups,DC....|\
XWiki.Development=CN=Development,OU=Departments,OU=SecurityGroups,DC=...|\
XWiki.External=CN=EXT_COMPANY,OU=External,OU=SecurityGroups,DC=...|\
...
I'm using this mapping to set default rights for each new user logging in.
This mapping worked fine with version 3.1.1 and it still works with 3.4,
but sometimes it's neccessary to give further privileges to one single User of a Group without changing configuration in "Active Directory".
E.g.: I want to add a user from XWiki.External to XWiki.IT via "Rights Management" of XWiki. This worked fine with XWiki 3.1.1. Since I updated to 3.4 such users are beeing deleted from the assigned group as soon as they refresh/login.
Maybe this bug depends on:
xwiki.authentication.ldap.update_user=1
But setting this property to "1" should not delete locally configured (additional) rights for a user!?