Hi,
I am having some weird situation, our system is running XWiki with LDAP backend and populating groups based on the LDAP plugin, but my issue is that when manually adding a user that cannot be added automatically to a certain group, after a day or so he gets removed and he is not able to login anymore (since wiki is private)
Not sure which login I should enable to get some more info.
Running the latest 10v.
Thanks.
If you are syncing groups using LDAP, of course XWiki will automatically remove the member from the group in XWiki. This is by design.
The whole point of syncing groups using LDAP is so that you don’t have to manage the group memberships within XWiki. You change the groups in the LDAP server and XWiki automatically reflects it.
I see. But I guess that someone would have the need to allow a certain user to be part of certain group, how would you handle this then?
I have Operations Ldap group that belong to XWiki admin group, but then I wanna have the manager to be part of XWiki admin group, how should I do this?
P.S. I have another user that was added manually and didn’t get removed from the group, which is not consistent…
Thanks.
Of course but it depends:
What is done is not a group synchronization but update of some user membership when it authenticate so only the authenticating user is affected.
All this means that if you really don’t want to do add this user to a group on LDAP side possible workaround is to do it trough a different group because in XWiki you can have groups which are part of other groups: you create a group which is not part of the LDAP mapping, you add this new group in the mapped group and put your LDAP user in this new group.
I see. Thanks for the explanation. However since rotation here is not that fast, I decided to maintain all the groups manually, since anyway there will be a need for manual intervention.
Thanks.