This question about LDAP: Answered

working around LDAP user name to wiki name clashes

I'm in the process of deploying a new Foswiki site to replace an existing one and have LDAP successfully working against a Windows 2008 R2 Active Directory system and can successfully authenticate logins. The issue I'm running into is with the IT staff who have both regular and admin accounts in AD. The admin accounts are in their own OU and the sAMAccountName syntax is "!jdoe". Depending on how AD is read and cached, the admin accounts are parsed first and end up getting mapped to the wiki pages I'd nominally want as the user's home page (e.g. JohnDoe), while their regular accounts end up displaying a clash and populating as JohnDoe1, etc.

Though I had some luck previously with deleting the cache and re-loading it to get things mapping as I had hoped, that seems like a gamble and hasn't solved this issue today. I flailed around with the example below (from the LDAP Contrib page) in the hopes I could figure out how to re-write the "!" accounts to something like JohnDoeAdmin but was not able to solve it that way.

$Foswiki::cfg{Ldap}{RewriteWikiNames} = {
  '^(.*) [^ ]+?\-adm$' => '$1 Admin',
  '^(.*) (?!\-adm$)[^ ]+?$' => '$1',
};

Does anyone have suggestions or insight on resolving or working around this problem? The admin accounts will never be used on the wiki so I don't need the names to show up any particular way or even be functional for login if that makes the solution any easier.

Thanks.

-- JohnV - 20 Dec 2013

Upon further inspection I've discovered a few additional details that might be relevant. The usernames in AD are constructed in this manner:
givenName       John
sn              Doe
initials        !
sAMAccountName  !jdoe

Looking at the example again from the main LDAP Contrib page, I set my wiki name attributes to match the example:

$Foswiki::cfg{Ldap}{WikiNameAttributes} = 'givenName, sn, sAMAccountName';

and then attempted to modify the name rewrite example and came up with:

{
  '^(.*) (?!\\!$)[^ ]+?$' => '$1',
  '^(.*) [^ ]+?\\!$' => '$1 Admin'
}

I deleted the cache after making these changes in the configuration and unfortunately it looks like the name building is unchanged with my modifications not solving the problem. My backup plan is to see if the AD administrator can change the names to put the "!" in either the last or first name fields, but it'd be much cleaner if the name building syntax could work around this situation. Any suggestions on regex modifications to get this to work?

Thanks.

-- JohnV - 27 Dec 2013
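
Added example (not part of the thread and not LdapContrib's own code): a small Perl model of the rewrite step, run over constructed names, showing that the rules as posted look for "!" at the end of the last token while the sAMAccountName "!jdoe" carries it at the front, so the regular and the admin account both rewrite to the same name. The function `rewrite_name`, the space-joined input string and the second rule set are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical stand-in for the rewrite step (not LdapContrib's code): the first
# pattern that matches wins; $1..$9 in its replacement are filled from captures.
sub rewrite_name {
    my ($name, $rules) = @_;
    for my $pattern (sort keys %$rules) {    # sorted so runs are repeatable
        my @caps = $name =~ /$pattern/ or next;
        (my $out = $rules->{$pattern}) =~ s{\$([1-9])}{ $caps[$1 - 1] // '' }ge;
        return $out;
    }
    return $name;                            # no rule matched: unchanged
}

# Rules as posted in the thread: "!" is expected at the END of the last token.
my %posted = (
    '^(.*) (?!\\!$)[^ ]+?$' => '$1',
    '^(.*) [^ ]+?\\!$'      => '$1 Admin',
);

# Assumed variant: "!" anchored at the START of the last token, as in "!jdoe".
# The two patterns are mutually exclusive, so hash key order cannot matter.
my %leading = (
    '^(.*) (?!\\!)[^ ]+$' => '$1',
    '^(.*) \\![^ ]+$'     => '$1 Admin',
);

# Constructed inputs: givenName, sn, sAMAccountName joined by spaces (assumed).
my @names = ('John Doe jdoe', 'John Doe !jdoe');

for my $set (['posted', \%posted], ['leading "!"', \%leading]) {
    my ($label, $rules) = @$set;
    printf "%-12s %-15s -> %s\n", $label, $_, rewrite_name($_, $rules) for @names;
}
```

Because the rules live in a Perl hash, their evaluation order is not guaranteed, which is why each pattern should match only the accounts it is meant for.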

Please upgrade to the latest version of LdapContrib. Resolving name clashes has been reworked there. Note that LdapContrib will try to keep any previous mapping decision stable ... but not so when you delete the cache.db file, as that's the source to read up any previous decision.

-- MichaelDaum - 04 Jul 2014
 

QuestionForm

Subject LDAP
Extension LdapContrib
Version Foswiki 1.1.9
Status Answered
Topic revision: r3 - 04 Jul 2014, MichaelDaum