Affects Version/s: 1.0 B6
Fix Version/s: 1.3 M2
Implementation of a substitute LDAP authentication class.
The new features and changes:
- Separate LDAP login and authentication validation
- An LDAP group membership is first checked before a user can be authenticated against LDAP
- LDAP Groups are handled recursively (groups in groups)
- LDAP Groups and their members are cached with an expiration
- LDAP attributes can update XWiki user attributes configurable at create time or on every login
- LDAP group membership can be sync'ed with XWiki group membership
- If authentication with LDAP fails, it will still try to authenticate against the XWiki DB
- Detailed comments in xwiki.cfg
- Pretty much every detail of the behavior can be configured in xwiki.cfg
- All valuable features from the old LDAPAuthServiceImpl are reimplemented (except for LDAP bind being sufficient for login implemented by the check_level configuration)
- Any LDAP attribute can be used containing the XWiki name
- Added SSL support
- Each virtual server can have its own LDAP configuration, even enable/disable LDAP
This has been tested against OpenLDAP, Novell eDirectory and ApacheDS.
I would like to ask for a code-read, verification of how the module is using the XWiki APIs and testing in various environments.
Most of all, I am looking for feedback.