I have installed and configured xwiki 13.2 Ubuntu 20.04 Tomcat9 PGSQL
Configured integration with AD using LDAP Authenticator / LDAP Application.
Everything works, users are created and authorized, fields are filled in, groups are created.
But, when I remove a user from the AD group, it remains in the Xwiki group. ResetGroupCashe doesn’t help.
What to do?
Thanks in advance!
Yes that’s a current limitation of the authenticator. The reason is that updates are done when a user authenticate and by definition a removed user is not going to try to authenticate.
All you can do right now is manually disable/remove a user you moved on LDAP side.
The only way to support this auto disable/remove would be to write a scheduler which regularly check if all the XWiki LDAP users still exist on the LDAP server side.
Thanks for the answer!
Apparently you didn’t understand)
When I remove a user from the AD group, it remains in the XWIKI group
My english is bad(
Indeed, I read a bit too fast. Users authenticating are definitely removed from configured groups when there are no longer in there on LDAP side.
I can only think of the following reasons:
- the user did not authenticate yet (as I explain any user related change is done when this user authenticate)
- you have
xwiki.authentication.ldap.mode_group_sync=createinstead of the default
- the group cache was not really invalidated (you can make extra sure of that by restarting XWiki)
Thank you so much!
Can I make changes at the same time, both through the GUI and through xwiki.cfg?
Any change to
xwiki.cfg requires a restart to be taken into account.
Does not work.
Please advise which log to look at?
I have been working with XWIKI for two days))
Did you check https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/#HEnableLDAPdebuglog on how to enable debug log for LDAP ?
Checked it out. It also happens in LTSC.
I turned on logging, but where can I watch the logs?
You can find some help on Logging (XWiki.org) regarding where to find the log depending on your setup.
Nothing interesting( Only tomcat logs