Best way to migrate from LDAP authentication to internal authentication

Hi,

we are using wiki for several years. Installed version is 13.10.2. I need to move the XWiki to a new location where no LDAP authentication is available.

My question is if there are any best practices on how to migrate from an LDAP based authentication to the internal authentication.

Thanks in advance.

XWiki LDAP users are basically already standard XWiki users except for a few key differences:

  1. those users contain a special LDAPProfileClass object which contains the user LDAP DN and UID, the presence of that object is also used as a criterion to show or not the helper to change one’s own password (this is definitely not a very good criterion and there has been discussions to change it but nobody is actively working on this right now).
  2. those users don’t have any password, so nobody can login “natively” with them
  3. in the case of standard XWiki authenticator the “USERNAME” you type in the login form is the name of the user profile page and this might be different from the one user would type in the case of LDAP if
    • you configured a specific user page format
    • the LDAP login contains some forbidden characters (like white space or dot)

For 1. if you want user to have the UI in the profile to change password, you will need to write a script which remove from all the users profiles the XWiki.LDAPProfileClass object (if you know how to write a script in XWiki already, it should be very easy).

For 2. I guess the simplest would be to tell your users to use the “Forgot your password?” feature.

For 3. there are two scenarios:

  • the old LDAP login and user profile pages are the same already: nothing to do
  • the login and user profile pages are different: I guess the simplest would be to tell your users to use the “Forgot your username?” feature. I would really not recommend renaming your users pages as it could cause quite a mess in terms of authoring, especially in the history (linking a specific version to the user who did the change).

Never written a script in Wiki, but it looks like that this is the time to learn :wink:

Thanks a lot. I will try this on a copy.

https://snippets.xwiki.org/xwiki/bin/view/Extension/Clear%20all%20notifications%20settings%20for%20users/ might help a bit as an example of script manipulating (other kinds of) objects in users profiles.

Looks good, I am bit rusty using velocity. I think I will understand this.
Do you have pointer to a groovy example ? My groovy is much better than my velocity.

I can’t see much interesting example in Groovy on https://snippets.xwiki.org/xwiki/bin/view/Extension/#. But a groovy script should be using pretty much the same API as the Velocity example.

Thanks again ! I will try :slight_smile: